Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1528371
MD5:5d0beee43c279e20df593c949090fa0a
SHA1:59ef176b2a0d1b8e54ab13f8a0e447104645b850
SHA256:c6c522da27129bc6298ff5286c6c271a7b7bf6ae7376cf7c4fc84dba2dfb8ca0
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3040 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5D0BEEE43C279E20DF593C949090FA0A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["studennotediw.stor", "eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "dissapoiznw.stor", "bathdoomgaz.stor", "clearancek.site", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:08.691517+020020546531A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:08.691517+020020498361A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.475159+020020564771Domain Observed Used for C2 Detected192.168.2.6561781.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.395836+020020564711Domain Observed Used for C2 Detected192.168.2.6610741.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.450019+020020564811Domain Observed Used for C2 Detected192.168.2.6504781.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.436400+020020564831Domain Observed Used for C2 Detected192.168.2.6595871.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.499407+020020564731Domain Observed Used for C2 Detected192.168.2.6495461.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.422416+020020564851Domain Observed Used for C2 Detected192.168.2.6637031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.487153+020020564751Domain Observed Used for C2 Detected192.168.2.6552141.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-07T21:18:06.462444+020020564791Domain Observed Used for C2 Detected192.168.2.6498611.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.3040.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["studennotediw.stor", "eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "dissapoiznw.stor", "bathdoomgaz.stor", "clearancek.site", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_003FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_003FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_004363B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00435700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0043695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_004399D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_003FFCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00400EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00434040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_003F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00406F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0042F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00436094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0041D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00412260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00412260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_004042FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_003FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00431440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0040D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0041C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0041E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0040B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_004364B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00419510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00437520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00406536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_003F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0042B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0041E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00437710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_004367EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0041D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_004128E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0040D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00433920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_003F49A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00434A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_003F5A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00401A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00401ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00439B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0040DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0040DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00403BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00401BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00420B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0041EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00417C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0042FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0041CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0041CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0041CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00439CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00439CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0041AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0041AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0041FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0041DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00438D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0041AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00417E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00415E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00404E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_003FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_003F6EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00401E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00406EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00419F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0042FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00437FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00437FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00435FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0040FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00406F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_003F8FD0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:63703 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:49546 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:61074 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56178 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:55214 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:59587 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:49861 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:50478 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.53.8:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Joe Sandbox ViewIP Address: 104.21.53.8 104.21.53.8
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.ste equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic;
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bathdoomgaz.store:443/apiA
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.ecc
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/as
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.a
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.st
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.
    Source: file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/publi
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4Ok
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContentl
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=l
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/sticker
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/ja
    Source: file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_re
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEG
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/;
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218168501.0000000000E27000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/CI
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/kI
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218429199.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2199613296.0000000000E67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997243319007
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.ste
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.stea
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/re
    Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004002280_2_00400228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004340400_2_00434040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F10000_2_003F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004020300_2_00402030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0043A0D00_2_0043A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F51600_2_003F5160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FE1A00_2_003FE1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F71F00_2_003F71F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004282D00_2_004282D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004212D00_2_004212D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F12F70_2_003F12F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FA3000_2_003FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F13A30_2_003F13A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FB3A00_2_003FB3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004223E00_2_004223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041C4700_2_0041C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AC4F40_2_005AC4F4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004264F00_2_004264F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004044870_2_00404487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040049B0_2_0040049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005BB5450_2_005BB545
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005C05720_2_005C0572
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B65140_2_005B6514
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F35B00_2_003F35B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F85900_2_003F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040C5F00_2_0040C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004386520_2_00438652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0042F6200_2_0042F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F164F0_2_003F164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004386F00_2_004386F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B27290_2_005B2729
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004218600_2_00421860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FA8500_2_003FA850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0042B8C00_2_0042B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0042E8A00_2_0042E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004A19460_2_004A1946
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AA9490_2_005AA949
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0047E9670_2_0047E967
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AF9130_2_005AF913
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AF9CC0_2_005AF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041098B0_2_0041098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004389A00_2_004389A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00434A400_2_00434A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00438A800_2_00438A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00437AB00_2_00437AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DB6F0_2_0040DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F7BF00_2_003F7BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00438C020_2_00438C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B4C1D0_2_005B4C1D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041CCD00_2_0041CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00436CBF0_2_00436CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00418D620_2_00418D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041FD100_2_0041FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041DD290_2_0041DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041AE570_2_0041AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00438E700_2_00438E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404E2A0_2_00404E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FBEB00_2_003FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005ADEAB0_2_005ADEAB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406EBF0_2_00406EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005BCF470_2_005BCF47
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003FAF100_2_003FAF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00544F620_2_00544F62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00437FC00_2_00437FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005B2FE80_2_005B2FE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003F8FD00_2_003F8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 003FCAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0040D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995487830033003
    Source: file.exeStatic PE information: Section: jvjsmpcp ZLIB complexity 0.9944149137409201
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00428220 CoCreateInstance,0_2_00428220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 1861632 > 1048576
    Source: file.exeStatic PE information: Raw size of jvjsmpcp is bigger than: 0x100000 < 0x19d000

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.3f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jvjsmpcp:EW;gwbnwyoc:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jvjsmpcp:EW;gwbnwyoc:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d4095 should be: 0x1cadbd
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: jvjsmpcp
    Source: file.exeStatic PE information: section name: gwbnwyoc
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005EA079 push esi; mov dword ptr [esp], eax0_2_005EA101
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00452007 push edx; mov dword ptr [esp], eax0_2_0045222E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006310BD push 716BC2A3h; mov dword ptr [esp], edi0_2_006310CB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C164 push 6DB92B7Ch; mov dword ptr [esp], eax0_2_0062C1CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A917B push 3AA6861Bh; mov dword ptr [esp], ebp0_2_006A918F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00617123 push edx; mov dword ptr [esp], eax0_2_00617520
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00617123 push 713B6EA6h; mov dword ptr [esp], eax0_2_0061777B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065C11E push esi; mov dword ptr [esp], 20D3456Dh0_2_0065C25C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EB1A8 push edx; mov dword ptr [esp], 4FBFFFD0h0_2_006EB1D4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EB1A8 push ebx; mov dword ptr [esp], eax0_2_006EB248
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062D185 push ebp; mov dword ptr [esp], edi0_2_0062D172
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063D20C push ebx; mov dword ptr [esp], ecx0_2_0063D2F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0043F23B push edx; ret 0_2_0043F24B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066421D push edx; mov dword ptr [esp], edi0_2_00664227
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006402C8 push 72A235C0h; mov dword ptr [esp], eax0_2_0064026A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006402C8 push 0FC70C12h; mov dword ptr [esp], ecx0_2_00640335
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006692B6 push ecx; mov dword ptr [esp], eax0_2_00669302
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064037A push ebp; mov dword ptr [esp], edx0_2_00640388
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064037A push 728A15BBh; mov dword ptr [esp], ecx0_2_00640428
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062034C push 5565C531h; mov dword ptr [esp], ecx0_2_006203D9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066D334 push edx; mov dword ptr [esp], 6BEFC390h0_2_0066D353
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C4312 push 148DE0D2h; mov dword ptr [esp], edx0_2_006C4348
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C4312 push edi; mov dword ptr [esp], esi0_2_006C436C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006753AD push eax; mov dword ptr [esp], ecx0_2_0067540E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006833B6 push 5B1D5779h; mov dword ptr [esp], ecx0_2_006833E1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006833B6 push 756E7876h; mov dword ptr [esp], edx0_2_00683433
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00610390 push edx; mov dword ptr [esp], edi0_2_006103B2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00610390 push edx; mov dword ptr [esp], ebp0_2_006103D8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00610390 push edx; mov dword ptr [esp], eax0_2_00610439
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0060147B push ebp; mov dword ptr [esp], 5FFBBFD0h0_2_00601CD3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0051046F push ecx; mov dword ptr [esp], esi0_2_00510492
    Source: file.exeStatic PE information: section name: entropy: 7.97840910686373
    Source: file.exeStatic PE information: section name: jvjsmpcp entropy: 7.95452951026357

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C5F59 second address: 5C5F5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C5F5D second address: 5C5F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C78FD second address: 5C7957 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007F65C0B38BE6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 mov dword ptr [ebp+122D1E37h], edi 0x00000016 mov edi, dword ptr [ebp+122D365Dh] 0x0000001c popad 0x0000001d push 00000000h 0x0000001f call 00007F65C0B38BE9h 0x00000024 ja 00007F65C0B38BF6h 0x0000002a jmp 00007F65C0B38BF0h 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F65C0B38BF7h 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7957 second address: 5C795D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C795D second address: 5C7A27 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F65C0B38BFDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push esi 0x0000000f jns 00007F65C0B38BF1h 0x00000015 pop esi 0x00000016 mov eax, dword ptr [eax] 0x00000018 pushad 0x00000019 pushad 0x0000001a jmp 00007F65C0B38BF3h 0x0000001f jmp 00007F65C0B38BF1h 0x00000024 popad 0x00000025 jl 00007F65C0B38BF5h 0x0000002b jmp 00007F65C0B38BEFh 0x00000030 popad 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 pushad 0x00000036 jbe 00007F65C0B38BECh 0x0000003c jnl 00007F65C0B38BE8h 0x00000042 popad 0x00000043 pop eax 0x00000044 push 00000003h 0x00000046 mov dword ptr [ebp+122D1FA8h], esi 0x0000004c push 00000000h 0x0000004e call 00007F65C0B38BEFh 0x00000053 mov ecx, 0B140245h 0x00000058 pop edx 0x00000059 push 00000003h 0x0000005b mov ecx, dword ptr [ebp+122D351Dh] 0x00000061 mov edi, ebx 0x00000063 call 00007F65C0B38BE9h 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c push edx 0x0000006d pop edx 0x0000006e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7A27 second address: 5C7A31 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7A31 second address: 5C7A9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jp 00007F65C0B38BECh 0x00000011 jns 00007F65C0B38BE6h 0x00000017 jmp 00007F65C0B38BEFh 0x0000001c popad 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 jmp 00007F65C0B38BF3h 0x00000026 mov eax, dword ptr [eax] 0x00000028 push edx 0x00000029 jmp 00007F65C0B38BEFh 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jg 00007F65C0B38BECh 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7A9F second address: 5C7AEA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F65C10F107Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov edx, 37CC0DFCh 0x00000010 lea ebx, dword ptr [ebp+124477E0h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F65C10F1078h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov dword ptr [ebp+122D1E11h], eax 0x00000036 xchg eax, ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a jc 00007F65C10F1076h 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7AEA second address: 5C7AEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7B7F second address: 5C7BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 ja 00007F65C10F1076h 0x0000000e pop ebx 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edi, esi 0x00000015 mov edx, dword ptr [ebp+122D3515h] 0x0000001b push 00000000h 0x0000001d or dword ptr [ebp+122D17D9h], esi 0x00000023 call 00007F65C10F1079h 0x00000028 jns 00007F65C10F1084h 0x0000002e push eax 0x0000002f jl 00007F65C10F1084h 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 pop eax 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7BCA second address: 5C7BE6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F65C0B38BECh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7CC2 second address: 5C7CE1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jno 00007F65C10F1076h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jno 00007F65C10F1076h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7D80 second address: 5C7D8A instructions: 0x00000000 rdtsc 0x00000002 js 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7D8A second address: 5C7E24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F65C10F1081h 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F65C10F1088h 0x00000014 jmp 00007F65C10F107Ah 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007F65C10F1078h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 adc esi, 4C5A4F00h 0x0000003b mov dl, 17h 0x0000003d push 00000000h 0x0000003f mov dword ptr [ebp+122D27A9h], eax 0x00000045 call 00007F65C10F1079h 0x0000004a pushad 0x0000004b pushad 0x0000004c pushad 0x0000004d popad 0x0000004e push esi 0x0000004f pop esi 0x00000050 popad 0x00000051 jmp 00007F65C10F1082h 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push ecx 0x0000005b push edx 0x0000005c pop edx 0x0000005d pop ecx 0x0000005e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7E24 second address: 5C7E53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push ecx 0x0000000e jmp 00007F65C0B38BF1h 0x00000013 pop ecx 0x00000014 mov eax, dword ptr [eax] 0x00000016 push ecx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C7F22 second address: 5C7F47 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F65C10F1088h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EAB13 second address: 5EAB19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EAB19 second address: 5EAB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EAB1D second address: 5EAB21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9234 second address: 5E9239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9239 second address: 5E923F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E923F second address: 5E9249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F65C10F1076h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9514 second address: 5E9518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9518 second address: 5E952C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Ah 0x00000007 jbe 00007F65C10F1076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E952C second address: 5E9531 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9531 second address: 5E9537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E96B2 second address: 5E96DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F65C0B38BE6h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F65C0B38BF9h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E96DB second address: 5E96E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E96E1 second address: 5E96E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E995F second address: 5E9983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F65C10F1093h 0x0000000b jmp 00007F65C10F1087h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E9AF2 second address: 5E9B1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEBh 0x00000007 jmp 00007F65C0B38BF9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BB00C second address: 5BB014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EA5CF second address: 5EA5D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EA5D5 second address: 5EA5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EA5DE second address: 5EA5E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EA5E2 second address: 5EA5F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F65C10F107Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BE5C3 second address: 5BE5CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007F65C0B38BE6h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EF048 second address: 5EF04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EF04E second address: 5EF052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EDD86 second address: 5EDDAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F65C10F1088h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EDDAB second address: 5EDDB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EF701 second address: 5EF728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F65C10F1087h 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pop esi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EF728 second address: 5EF737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C0B38BEBh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F3120 second address: 5F312B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F65C10F1076h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B0F3C second address: 5B0F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF8h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F65C0B38BE6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6B2E second address: 5F6B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6E3B second address: 5F6E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C0B38BF8h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F8406 second address: 5F8417 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F853C second address: 5F8540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F8540 second address: 5F855C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F861F second address: 5F8625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F8FE8 second address: 5F8FEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9163 second address: 5F9189 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BEFh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F922F second address: 5F9233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FABE5 second address: 5FAC0D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F65C0B38BF2h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F65C0B38BEDh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FBEC6 second address: 5FBECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FAC0D second address: 5FAC13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FCA12 second address: 5FCA18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD4C9 second address: 5FD4D3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD4D3 second address: 5FD566 instructions: 0x00000000 rdtsc 0x00000002 js 00007F65C10F107Ch 0x00000008 jne 00007F65C10F1076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F65C10F1078h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d call 00007F65C10F107Fh 0x00000032 mov si, 0A08h 0x00000036 pop esi 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c call 00007F65C10F1078h 0x00000041 pop ebx 0x00000042 mov dword ptr [esp+04h], ebx 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ebx 0x0000004f push ebx 0x00000050 ret 0x00000051 pop ebx 0x00000052 ret 0x00000053 mov dword ptr [ebp+122D1E43h], eax 0x00000059 mov edi, 4A0F6C36h 0x0000005e push 00000000h 0x00000060 stc 0x00000061 xchg eax, ebx 0x00000062 jmp 00007F65C10F107Ch 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b jbe 00007F65C10F1076h 0x00000071 push ebx 0x00000072 pop ebx 0x00000073 popad 0x00000074 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD566 second address: 5FD56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD2EF second address: 5FD2F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FE016 second address: 5FE020 instructions: 0x00000000 rdtsc 0x00000002 js 00007F65C0B38BECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6037D2 second address: 6037F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C10F1088h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6037F2 second address: 60386A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f mov dword ptr [ebp+122D1E0Bh], ebx 0x00000015 jg 00007F65C0B38BFBh 0x0000001b popad 0x0000001c call 00007F65C0B38BEBh 0x00000021 mov bx, cx 0x00000024 pop ebx 0x00000025 push 00000000h 0x00000027 jnp 00007F65C0B38BE7h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007F65C0B38BE8h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 00000015h 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 push edi 0x0000004a mov ebx, esi 0x0000004c pop edi 0x0000004d mov ebx, dword ptr [ebp+122D3659h] 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60386A second address: 60386E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60386E second address: 603872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 605910 second address: 60591A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F65C10F1076h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60591A second address: 60597C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edi, eax 0x00000011 push edi 0x00000012 jg 00007F65C0B38BEBh 0x00000018 pop edi 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D1B07h], eax 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ebx 0x00000026 call 00007F65C0B38BE8h 0x0000002b pop ebx 0x0000002c mov dword ptr [esp+04h], ebx 0x00000030 add dword ptr [esp+04h], 00000019h 0x00000038 inc ebx 0x00000039 push ebx 0x0000003a ret 0x0000003b pop ebx 0x0000003c ret 0x0000003d add dword ptr [ebp+122D2993h], esi 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F65C0B38BF0h 0x0000004b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 604AB6 second address: 604AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F65C10F1088h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6068E9 second address: 6068EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6068EF second address: 606921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F65C10F1088h 0x00000008 js 00007F65C10F1076h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 jno 00007F65C10F1078h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 604B7F second address: 604B84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 606921 second address: 606971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 call 00007F65C10F1083h 0x0000000d mov dword ptr [ebp+122D1FA8h], edx 0x00000013 pop edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F65C10F1078h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov bx, di 0x00000035 push eax 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 606971 second address: 606975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 607A85 second address: 607A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 607A89 second address: 607A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 607A8F second address: 607AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C10F1087h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 607AAA second address: 607AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60BCC3 second address: 60BCE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F65C10F1076h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F65C10F1082h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60C319 second address: 60C33F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BEAh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60D2C1 second address: 60D2C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60D2C5 second address: 60D2CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60D2CB second address: 60D336 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1083h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F65C10F1078h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov ebx, dword ptr [ebp+122D289Dh] 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007F65C10F1078h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a movsx ebx, di 0x0000004d xchg eax, esi 0x0000004e push esi 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6102B3 second address: 6102EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F65C0B38BEEh 0x0000000e jno 00007F65C0B38BE8h 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6102EA second address: 6102EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E478 second address: 60E48E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6102EE second address: 6102F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60D420 second address: 60D424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6102F2 second address: 6102FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E48E second address: 60E4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jl 00007F65C0B38BECh 0x00000011 jo 00007F65C0B38BE6h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6102FE second address: 610302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E4AF second address: 60E4FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 add ebx, dword ptr [ebp+122D1DB5h] 0x0000000d push dword ptr fs:[00000000h] 0x00000014 movsx ebx, bx 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e mov bh, ch 0x00000020 mov eax, dword ptr [ebp+122D0DE1h] 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007F65C0B38BE8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 push FFFFFFFFh 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E4FE second address: 60E504 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E504 second address: 60E50A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6109F2 second address: 610A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60E50A second address: 60E50E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 610A07 second address: 610A0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 611A4F second address: 611A53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 610B00 second address: 610B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov edi, dword ptr [ebp+122D33D5h] 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F65C10F1078h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F65C10F1078h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e mov edi, esi 0x00000050 mov eax, dword ptr [ebp+122D0CC1h] 0x00000056 pushad 0x00000057 add dword ptr [ebp+122D1E43h], esi 0x0000005d jmp 00007F65C10F1083h 0x00000062 popad 0x00000063 push FFFFFFFFh 0x00000065 sub dword ptr [ebp+12462E7Ah], eax 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F65C10F107Ch 0x00000075 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 611CB5 second address: 611CBF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 610B90 second address: 610BA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1084h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6129EA second address: 6129F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6129F0 second address: 612A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F65C10F1081h 0x0000000f jnc 00007F65C10F1076h 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 612B82 second address: 612B9E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BE8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F65C0B38BEDh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 613B32 second address: 613B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617DDD second address: 617DE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617DE7 second address: 617DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617DEB second address: 617DEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617DEF second address: 617E0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F65C10F1081h 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D27D second address: 61D291 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jne 00007F65C0B38BE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jns 00007F65C0B38BE6h 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61CCE1 second address: 61CCE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AA424 second address: 5AA42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AA42A second address: 5AA432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AA432 second address: 5AA44E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF7h 0x00000009 pop edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 620187 second address: 62018C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62018C second address: 6201AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6254EC second address: 6254F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6254F0 second address: 625511 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F65C0B38BECh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F65C0B38BEBh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625511 second address: 625552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Fh 0x00000007 jmp 00007F65C10F107Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 ja 00007F65C10F1076h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F65C10F1082h 0x0000001f popad 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625552 second address: 625557 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625E4B second address: 625E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625E4F second address: 625E58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625E58 second address: 625E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625E65 second address: 625E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625E69 second address: 625E6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C220 second address: 62C224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62B921 second address: 62B929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62B929 second address: 62B945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62B945 second address: 62B962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F65C10F1082h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62B962 second address: 62B966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62B966 second address: 62B96A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BAA4 second address: 62BAB2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BAB2 second address: 62BACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1088h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BACE second address: 62BAF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BF2h 0x00000011 jl 00007F65C0B38BE6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BDD3 second address: 62BDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F65C10F1082h 0x0000000d jnc 00007F65C10F1076h 0x00000013 jc 00007F65C10F1076h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BDEC second address: 62BDF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C097 second address: 62C09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C09D second address: 62C0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F65C0B38BF1h 0x0000000c pushad 0x0000000d jl 00007F65C0B38BE6h 0x00000013 jmp 00007F65C0B38BF5h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 631E51 second address: 631E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 631E57 second address: 631E6B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F65C0B38BEAh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 630C82 second address: 630C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6313B3 second address: 6313B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63095F second address: 630978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C10F107Fh 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636E1B second address: 636E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636E1F second address: 636E25 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636E25 second address: 636E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F65C0B38BECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BA15 second address: 63BA54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F65C10F1084h 0x00000011 jnc 00007F65C10F1076h 0x00000017 pop eax 0x00000018 pushad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pushad 0x0000001c popad 0x0000001d jng 00007F65C10F1076h 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BA54 second address: 63BA59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BBB3 second address: 63BBBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BE89 second address: 63BEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F65C0B38BE6h 0x0000000a jmp 00007F65C0B38BF8h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BEAB second address: 63BED2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1082h 0x00000007 pushad 0x00000008 jmp 00007F65C10F107Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C048 second address: 63C055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jc 00007F65C0B38BEEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C16E second address: 63C178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C178 second address: 63C17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C17C second address: 63C18F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 jo 00007F65C10F1076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C18F second address: 63C195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C195 second address: 63C19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C2D2 second address: 63C2D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C44E second address: 63C46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1080h 0x00000009 popad 0x0000000a jng 00007F65C10F1082h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C46B second address: 63C471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C471 second address: 63C475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C475 second address: 63C491 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F65C0B38BF1h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C5ED second address: 63C5FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DD4BC second address: 5DD4C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63B44D second address: 63B451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63B451 second address: 63B48F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jmp 00007F65C0B38BF7h 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63B48F second address: 63B494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 640095 second address: 640099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 644B12 second address: 644B5F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b jmp 00007F65C10F1081h 0x00000010 pop eax 0x00000011 jmp 00007F65C10F1083h 0x00000016 pushad 0x00000017 jmp 00007F65C10F1088h 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FFD37 second address: 5FFD3C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FFFF8 second address: 5FFFFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FFFFC second address: 600002 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600317 second address: 60031D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60031D second address: 600323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600323 second address: 600347 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F65C10F1086h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6005E3 second address: 600619 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jp 00007F65C0B38BF8h 0x00000011 je 00007F65C0B38BECh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6009DA second address: 6009E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6009E0 second address: 6009EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F65C0B38BE6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600B6C second address: 600B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600D12 second address: 600D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F65C0B38BF5h 0x00000013 jmp 00007F65C0B38BF0h 0x00000018 popad 0x00000019 pop eax 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F65C0B38BEBh 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600D56 second address: 600D6F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F65C10F107Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600D6F second address: 600D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600E41 second address: 600E4B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 643F90 second address: 643FA9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F65C0B38BEEh 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6440DC second address: 6440E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6440E2 second address: 6440EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop esi 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 644287 second address: 6442AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F65C10F108Fh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6443F7 second address: 64443A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F65C0B38BECh 0x00000010 popad 0x00000011 pushad 0x00000012 jnl 00007F65C0B38BF7h 0x00000018 pushad 0x00000019 jmp 00007F65C0B38BF1h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 646FBE second address: 646FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 646FC2 second address: 646FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 646FC8 second address: 646FCF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 646FCF second address: 646FD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 646FD8 second address: 646FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64A158 second address: 64A17C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEFh 0x00000007 js 00007F65C0B38BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F65C0B38BECh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64A17C second address: 64A180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64A180 second address: 64A1A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF9h 0x00000007 push eax 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649B72 second address: 649B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649B77 second address: 649B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649B7D second address: 649B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649CA2 second address: 649CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649CA7 second address: 649CCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1080h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F65C10F107Eh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649CCD second address: 649CFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F65C0B38BFCh 0x0000000f jmp 00007F65C0B38BF0h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649CFA second address: 649CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 649EAE second address: 649EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64F8D7 second address: 64F8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64F8E0 second address: 64F8E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64FE7F second address: 64FE9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1086h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6007E3 second address: 6007E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64FFD5 second address: 64FFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jbe 00007F65C10F1076h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop ecx 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F65C10F1076h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64FFF0 second address: 65000A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65000A second address: 65000E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65000E second address: 650014 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 653F9F second address: 653FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 653FA5 second address: 653FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F65C0B38BECh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 653FB6 second address: 653FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 653FBC second address: 653FFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F65C0B38BF7h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F65C0B38BEFh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 653FFB second address: 65401A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65401A second address: 654020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6539D6 second address: 6539E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6582A9 second address: 6582AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6582AF second address: 6582D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F65C10F109Dh 0x0000000b jmp 00007F65C10F107Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F65C10F107Eh 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B450D second address: 5B4536 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F65C0B38BF8h 0x0000000d pushad 0x0000000e jnl 00007F65C0B38BE6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65770A second address: 65770F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65770F second address: 657742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jc 00007F65C0B38BF5h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F65C0B38BEEh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657742 second address: 657746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657899 second address: 6578AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6578AA second address: 6578F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F65C10F107Dh 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jnp 00007F65C10F107Eh 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F65C10F107Ch 0x0000001c pushad 0x0000001d jl 00007F65C10F1076h 0x00000023 jmp 00007F65C10F107Eh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6578F4 second address: 657909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F65C0B38BE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F65C0B38BE6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657A56 second address: 657A70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1084h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657A70 second address: 657A76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657D1C second address: 657D22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 657D22 second address: 657D26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65995B second address: 659966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 659966 second address: 659985 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF9h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 659985 second address: 65998B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65BE2C second address: 65BE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 65BE30 second address: 65BE34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6648DA second address: 6648F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6648F9 second address: 664902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664902 second address: 664910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BEAh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66284E second address: 662867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F65C10F1084h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662B68 second address: 662B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF7h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662B88 second address: 662B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662B99 second address: 662BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F65C0B38BE6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662E43 second address: 662E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F65C10F1089h 0x0000000d jng 00007F65C10F1076h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662E6C second address: 662E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF1h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 662E82 second address: 662E93 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F65C10F107Ah 0x00000008 pop esi 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663411 second address: 663417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663417 second address: 66341B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66341B second address: 663440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEBh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnl 00007F65C0B38BE6h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66370B second address: 663711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663711 second address: 663715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6639FB second address: 663A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1086h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663A15 second address: 663A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F65C0B38BF0h 0x00000008 jmp 00007F65C0B38BF4h 0x0000000d popad 0x0000000e push ecx 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F65C0B38BF2h 0x00000016 pop ecx 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b jno 00007F65C0B38BE6h 0x00000021 push eax 0x00000022 pop eax 0x00000023 popad 0x00000024 jmp 00007F65C0B38BEAh 0x00000029 pushad 0x0000002a jmp 00007F65C0B38BF2h 0x0000002f jmp 00007F65C0B38BF4h 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663D44 second address: 663D52 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F65C10F1076h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663D52 second address: 663D5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663D5B second address: 663D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663D61 second address: 663D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F65C0B38BF1h 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007F65C0B38BEEh 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663D90 second address: 663DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F65C10F108Ah 0x0000000a jmp 00007F65C10F1084h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663DAE second address: 663DB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F65C0B38BE6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6642D1 second address: 6642FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Fh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F65C10F1085h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6642FB second address: 664305 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C0B38BF2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664305 second address: 66430B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6645DE second address: 6645E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66D889 second address: 66D88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C9C3 second address: 66C9E0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 jbe 00007F65C0B38BE8h 0x0000000e push ecx 0x0000000f jmp 00007F65C0B38BEAh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CB2C second address: 66CB32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CB32 second address: 66CB36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CB36 second address: 66CB5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F65C10F1078h 0x0000000c popad 0x0000000d push edx 0x0000000e jmp 00007F65C10F1083h 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CE49 second address: 66CE4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CE4F second address: 66CE6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1088h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CE6B second address: 66CE6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CF90 second address: 66CFC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F65C10F1076h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007F65C10F107Dh 0x00000014 jmp 00007F65C10F1082h 0x00000019 jng 00007F65C10F1076h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CFC6 second address: 66CFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F65C0B38BECh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CFD7 second address: 66CFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F65C10F108Eh 0x0000000a jmp 00007F65C10F1088h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66CFF9 second address: 66D034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F65C0B38BE6h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F65C0B38BF8h 0x00000010 jmp 00007F65C0B38BEDh 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jns 00007F65C0B38BE6h 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66D3FF second address: 66D40F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F65C10F1076h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66D585 second address: 66D59C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEDh 0x00000007 je 00007F65C0B38BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 673B93 second address: 673BA7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 je 00007F65C10F1076h 0x0000000d ja 00007F65C10F1076h 0x00000013 pop esi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 673BA7 second address: 673BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F65C0B38BEDh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67416F second address: 674173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674173 second address: 67419A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F65C0B38BEDh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6742E5 second address: 6742F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F65C10F107Ch 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6742F8 second address: 674302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674913 second address: 674919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674919 second address: 67492D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F65C0B38BEBh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67492D second address: 674931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674931 second address: 674935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674935 second address: 67493B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67493B second address: 67494E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007F65C0B38BF8h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 675163 second address: 675169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67CF05 second address: 67CF09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D047 second address: 67D04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67F874 second address: 67F87A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67F87A second address: 67F87E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68D4A7 second address: 68D4D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jl 00007F65C0B38BE6h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 jmp 00007F65C0B38BEAh 0x00000018 jmp 00007F65C0B38BF4h 0x0000001d pop edi 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 695FE7 second address: 695FED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 695FED second address: 69600A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C0B38BF5h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A27B8 second address: 6A27BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A27BE second address: 6A27C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A27C8 second address: 6A27CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A7F31 second address: 6A7F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F65C0B38BE6h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A7F3D second address: 6A7F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A7F43 second address: 6A7F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A7F4F second address: 6A7F53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A7F53 second address: 6A7F59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A80E8 second address: 6A80F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A80F6 second address: 6A8107 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8107 second address: 6A810D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A828A second address: 6A8291 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8291 second address: 6A82AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jbe 00007F65C10F1076h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 jo 00007F65C10F107Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8401 second address: 6A8418 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8418 second address: 6A8449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F65C10F1076h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F65C10F107Ah 0x00000013 jo 00007F65C10F1089h 0x00000019 push edi 0x0000001a pop edi 0x0000001b jmp 00007F65C10F1081h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A8449 second address: 6A846F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65C0B38BFEh 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F65C0B38BF6h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A85A6 second address: 6A85C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnp 00007F65C10F1076h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jnc 00007F65C10F1078h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A88EB second address: 6A8910 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEBh 0x00000007 jmp 00007F65C0B38BF3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A9435 second address: 6A9467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 je 00007F65C10F1090h 0x0000000d pop edx 0x0000000e pushad 0x0000000f pushad 0x00000010 jl 00007F65C10F1076h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A9467 second address: 6A949E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BEFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BEEh 0x00000011 jmp 00007F65C0B38BF3h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A949E second address: 6A94A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A94A2 second address: 6A94A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A94A8 second address: 6A94B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F65C10F107Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A94B6 second address: 6A94BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6AD0C0 second address: 6AD0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6AD0C6 second address: 6AD0CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6AE9E4 second address: 6AE9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F107Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B853D second address: 6B8544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B8544 second address: 6B854F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F65C10F1076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA4FB second address: 6BA50E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F65C0B38BEAh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BA359 second address: 6BA373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1080h 0x00000007 jo 00007F65C10F1076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C41BE second address: 6C41DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F65C0B38BF2h 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C41DD second address: 6C4209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F65C10F1076h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F65C10F1083h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F65C10F1076h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C4209 second address: 6C420D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C420D second address: 6C4211 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C4211 second address: 6C4223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F65C0B38BE6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D26EB second address: 6D2709 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA87F second address: 6EA89C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF9h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA9F6 second address: 6EA9FE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA9FE second address: 6EAA19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C0B38BF7h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAA19 second address: 6EAA22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAA22 second address: 6EAA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F65C0B38BF2h 0x00000011 jnl 00007F65C0B38BE8h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAA47 second address: 6EAA4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAD09 second address: 6EAD15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F65C0B38BE6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB2AF second address: 6EB2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1085h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB451 second address: 6EB45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F65C0B38BE6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB722 second address: 6EB72F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB72F second address: 6EB749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C0B38BF2h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE407 second address: 6EE411 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE411 second address: 6EE417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE417 second address: 6EE43A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F65C10F107Ch 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE43A second address: 6EE454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C0B38BF6h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE9C6 second address: 6EE9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE9CC second address: 6EE9D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE9D1 second address: 6EE9FF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65C10F1078h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 movsx edi, di 0x00000013 mov cx, 4D5Dh 0x00000017 popad 0x00000018 push dword ptr [ebp+122D2945h] 0x0000001e mov dx, ax 0x00000021 call 00007F65C10F1079h 0x00000026 push ecx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE9FF second address: 6EEA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jnp 00007F65C0B38BE6h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EEA16 second address: 6EEA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F65C10F1076h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 ja 00007F65C10F1088h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push esi 0x00000019 jmp 00007F65C10F1089h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jc 00007F65C10F1078h 0x0000002b push edx 0x0000002c pop edx 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50D38 second address: 4D50DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov ecx, dword ptr [eax+00000FDCh] 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 pushfd 0x00000011 jmp 00007F65C0B38BEAh 0x00000016 or si, 34D8h 0x0000001b jmp 00007F65C0B38BEBh 0x00000020 popfd 0x00000021 popad 0x00000022 test ecx, ecx 0x00000024 jmp 00007F65C0B38BF6h 0x00000029 jns 00007F65C0B38C08h 0x0000002f jmp 00007F65C0B38BF0h 0x00000034 add eax, ecx 0x00000036 jmp 00007F65C0B38BF0h 0x0000003b mov eax, dword ptr [eax+00000860h] 0x00000041 jmp 00007F65C0B38BF0h 0x00000046 test eax, eax 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov eax, edx 0x0000004d pushfd 0x0000004e jmp 00007F65C0B38BF9h 0x00000053 xor esi, 289529E6h 0x00000059 jmp 00007F65C0B38BF1h 0x0000005e popfd 0x0000005f popad 0x00000060 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50DF5 second address: 4D50E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C10F107Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D50E05 second address: 4D50E09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 453860 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 5EDBBD instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 617E35 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 4537B9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 684DCF instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 1424Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218429199.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218168501.0000000000DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00435BB0 LdrInitializeThunk,0_2_00435BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      sergei-esenin.com
      		104.21.53.8
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknownfalse
          		unknown
          bathdoomgaz.store
          		unknown
          		unknownfalse
            		unknown
            spirittunek.store
            		unknown
            		unknownfalse
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknownfalse
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknownfalse
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknownfalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.stortrue
                          		unknown
                          mobbipenju.stortrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            bathdoomgaz.stortrue
                              		unknown
                              dissapoiznw.stortrue
                                		unknown
                                spirittunek.stortrue
                                  		unknown
                                  eaglepawnoy.stortrue
                                    		unknown
                                    clearancek.sitetrue
                                      		unknown
                                      licendfilteo.sitetrue
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://community.akamai.stfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://community.akamai.steamstatic.file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://sergei-esenin.com/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218168501.0000000000E27000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;lfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://avatars.akamai.steamstatic;file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://bathdoomgaz.store:443/apiAfile.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://sergei-esenin.com/kIfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://s.ytimg.com;file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4Okfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://broadcast.st.dl.eccfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://steam.tv/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=lfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://store.stefile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://lv.queniujq.cnfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2199613296.0000000000E67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E67000.00000004.00000020.00020000.00000000.sdmptrue
                                                                        • URL Reputation: malware
                                                                        		unknown
                                                                        https://www.youtube.com/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/publifile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.jsfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://www.google.com/recaptcha/file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://checkout.steampowered.com/file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://cdn.akamai.steamstatic.com/steamcommunity/public/asfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://steamcommunity.com/market/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://store.steampowered.com/news/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://login.steampowered.com/;file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/stats/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/jafile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://medal.tvfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://clearancek.site:443/apifile.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/modalContentlfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://store.steampowered.com/legal/file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://community.afile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://store.steafile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://recaptcha.netfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://store.steampowered.com/file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://studennotediw.store:443/apifile.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            http://127.0.0.1:27060file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://sergei-esenin.com/CIfile.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://community.akamai.steamstatic.com/public/shared/javascript/auth_refile.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown

                                                                                                                                    World Map of Contacted IPs

                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs

                                                                                                                                    Public IPs

                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                    104.21.53.8
                                                                                                                                    		sergei-esenin.comUnited States
                                                                                                                                    		13335CLOUDFLARENETUStrue
                                                                                                                                    104.102.49.254
                                                                                                                                    		steamcommunity.comUnited States
                                                                                                                                    		16625AKAMAI-ASUSfalse

                                                                                                                                    General Information

                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                    Analysis ID:1528371
                                                                                                                                    Start date and time:2024-10-07 21:17:07 +02:00
                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                    Overall analysis duration:0h 4m 45s
                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                    Report type:full
                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                    Number of analysed new started processes analysed:8
                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • AMSI enabled
                                                                                                                                    Analysis Mode:default
                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                    Sample name:file.exe
                                                                                                                                    Detection:MAL
                                                                                                                                    Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                                                    EGA Information:
                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                    HCA Information:Failed
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                    Warnings

                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                    • VT rate limit hit for: file.exe

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

                                                                                                                                    TimeTypeDescription
                                                                                                                                    15:18:05API Interceptor3x Sleep call for process: file.exe modified

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    104.21.53.8CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          c3KH2gLNrM.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              8ObkdHP9Hq.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      fASbbWNgm1.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • www.valvesoftware.com/legal.htm

                                                                                                                                                        Domains

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        sergei-esenin.comCSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        xwZfYpo16i.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        c3KH2gLNrM.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        steamcommunity.comout.exeGet hashmaliciousVidarBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254

                                                                                                                                                        ASNs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        CLOUDFLARENETUShttps://s.craft.me/yB5midhwwaHUPWGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 104.16.40.28
                                                                                                                                                        https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzA1Mzk4LCJuYmYiOjE3MjgzMDUzOTgsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJpeHI5d3pqeGcwZnI2NGJjbGwycyIsInRva2VuIjoiaXhyOXd6anhnMGZyNjRiY2xsMnMiLCJzZW5kX2F0IjoxNzI4MzA0MzU0LCJlbWFpbF9pZCI6OTk2Mzg3MCwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTM4MjUsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1TcHJpbmcraGFzK3NwcnVuZyslRjAlOUYlOEMlQjEifQ.HIDfaWGNVn-TCtUT4qZNHq7EdymoLEqvVA8XxZBU8z8Get hashmaliciousHtmlDropperBrowse
                                                                                                                                                        • 104.21.23.186
                                                                                                                                                        FW_ _EXTERNAL_ Completed_ iNH9Y_Contract_and_Agreement_3509750318S REF ID_iNH9Y.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 104.17.25.14
                                                                                                                                                        https://entertaininmotionre.pro/IQCm/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 104.17.25.14
                                                                                                                                                        Justificante de pago.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        https://ipp.safetyworksolutions.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.21.43.105
                                                                                                                                                        CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        AKAMAI-ASUSout.exeGet hashmaliciousVidarBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        cenSXPimaG.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                        • 23.43.32.11
                                                                                                                                                        FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        http://kendellseafoods.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.102.44.86
                                                                                                                                                        TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254

                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        FdjDPFGTZS.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        45Ywq5ad5H.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        f1r6P3j3g7.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        NdSXVNeoET.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        • 104.102.49.254

                                                                                                                                                        Dropped Files

                                                                                                                                                        No context

                                                                                                                                                        Created / dropped Files

                                                                                                                                                        No created / dropped files found

                                                                                                                                                        Static File Info

                                                                                                                                                        General

                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Entropy (8bit):7.9505211163962715
                                                                                                                                                        TrID:
                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                        File name:file.exe
                                                                                                                                                        File size:1'861'632 bytes
                                                                                                                                                        MD5:5d0beee43c279e20df593c949090fa0a
                                                                                                                                                        SHA1:59ef176b2a0d1b8e54ab13f8a0e447104645b850
                                                                                                                                                        SHA256:c6c522da27129bc6298ff5286c6c271a7b7bf6ae7376cf7c4fc84dba2dfb8ca0
                                                                                                                                                        SHA512:8a9dc25176573dcb912dd45b28f14fa7937460d113485f3397a31e411503521520c3c35aab5c4fae5ca505b9f7e7198ff58208e75cd3b3a38c4e9009fa24a48c
                                                                                                                                                        SSDEEP:24576:LZIp3mG4L+wXE5pV+TQPMbBlpLinTD+kLuupzQRNNToRs6RMuZc73x9liTOAFpT:Cp3mAwXEkTAMdPzeKCqu8li9L
                                                                                                                                                        TLSH:4C8533259D7223E4C1FF24B4B5334727E2A0AE81E57358372727410D5A9AA3DFBD8638
                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@...........................J......@....@.................................W...k..

                                                                                                                                                        File Icon

                                                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                                                        Static PE Info

                                                                                                                                                        General

                                                                                                                                                        Entrypoint:0x8ab000
                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                        Digitally signed:false
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                        Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                                                        TLS Callbacks:
                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                        OS Version Major:6
                                                                                                                                                        OS Version Minor:0
                                                                                                                                                        File Version Major:6
                                                                                                                                                        File Version Minor:0
                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                        Entrypoint Preview

                                                                                                                                                        Instruction
                                                                                                                                                        jmp 00007F65C14C152Ah
                                                                                                                                                        cmovbe ebx, dword ptr [eax+eax]
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        jmp 00007F65C14C3525h
                                                                                                                                                        add byte ptr [edx+ecx], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        xor byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        sbb al, 00h
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add dword ptr [eax+00000000h], eax
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add eax, 0000000Ah
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [esi], al
                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add al, 0Ah
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        xor byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax+00000000h], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add dword ptr [eax+00000000h], eax
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add dword ptr [edx], ecx
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        inc eax
                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], cl
                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                        Data Directories

                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                        Sections

                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                        0x10000x5d0000x25e0004abec1da2252127bbfb0fe921a9cfa6False0.9995487830033003data7.97840910686373IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        0x600000x2ad0000x200f425d0ec9532c408ed690b2d7a67352aunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        jvjsmpcp0x30d0000x19d0000x19d0007b3ddbfa40a427b0312f2a18f6d014b7False0.9944149137409201data7.95452951026357IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        gwbnwyoc0x4aa0000x10000x400af944ca8427f5942f0d5491c0ad3194fFalse0.8505859375data6.454970508041616IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                        .taggant0x4ab0000x30000x2200f1032bf8f2771f9eb9b5357510603774False0.05307904411764706DOS executable (COM)0.5944272086126215IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                        Imports

                                                                                                                                                        DLLImport
                                                                                                                                                        kernel32.dlllstrcpy

                                                                                                                                                        Network Behavior

                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                        2024-10-07T21:18:06.395836+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6610741.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.422416+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6637031.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.436400+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6595871.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.450019+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6504781.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.462444+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6498611.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.475159+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6561781.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.487153+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6552141.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:06.499407+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6495461.1.1.153UDP
                                                                                                                                                        2024-10-07T21:18:08.691517+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649713104.21.53.8443TCP
                                                                                                                                                        2024-10-07T21:18:08.691517+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649713104.21.53.8443TCP

                                                                                                                                                        Network Port Distribution

                                                                                                                                                        TCP Packets

                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                        Oct 7, 2024 21:18:06.526747942 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:06.526782990 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.526973009 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:06.531405926 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:06.531440020 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.144500971 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.144684076 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.146994114 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.147006035 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.147337914 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.187220097 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.194268942 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.235512972 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.597767115 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.597837925 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.597841978 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.597871065 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.597892046 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.597896099 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.597918034 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.597942114 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.598001957 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.598012924 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.640331984 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.691122055 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.691152096 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.691198111 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.691200972 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.691221952 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.691237926 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.691258907 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.691270113 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.691286087 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.691313028 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.696512938 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.696579933 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.696628094 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.696691036 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.696701050 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.696774006 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.696819067 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.717144012 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.717161894 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.717185020 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                                        Oct 7, 2024 21:18:07.717192888 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.747994900 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:07.748023987 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.748106003 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:07.748505116 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:07.748518944 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.204598904 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.204829931 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.206248045 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.206269026 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.206784010 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.207930088 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.207958937 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.208019972 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.691309929 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.691432953 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.691637039 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.692264080 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.692286015 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:08.692528009 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                                        Oct 7, 2024 21:18:08.692538023 CEST44349713104.21.53.8192.168.2.6

                                                                                                                                                        UDP Packets

                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                        Oct 7, 2024 21:18:06.395836115 CEST6107453192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.417903900 CEST53610741.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.422415972 CEST6370353192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.433094978 CEST53637031.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.436399937 CEST5958753192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.448349953 CEST53595871.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.450018883 CEST5047853192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.461049080 CEST53504781.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.462444067 CEST4986153192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.473948956 CEST53498611.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.475158930 CEST5617853192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.485716105 CEST53561781.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.487153053 CEST5521453192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.497327089 CEST53552141.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.499407053 CEST4954653192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.510207891 CEST53495461.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:06.513819933 CEST5885053192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:06.522088051 CEST53588501.1.1.1192.168.2.6
                                                                                                                                                        Oct 7, 2024 21:18:07.725936890 CEST6082953192.168.2.61.1.1.1
                                                                                                                                                        Oct 7, 2024 21:18:07.747046947 CEST53608291.1.1.1192.168.2.6

                                                                                                                                                        DNS Queries

                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                        Oct 7, 2024 21:18:06.395836115 CEST192.168.2.61.1.1.10xc691Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.422415972 CEST192.168.2.61.1.1.10x5efbStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.436399937 CEST192.168.2.61.1.1.10xf6ebStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.450018883 CEST192.168.2.61.1.1.10x8d6aStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.462444067 CEST192.168.2.61.1.1.10x4899Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.475158930 CEST192.168.2.61.1.1.10xc03bStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.487153053 CEST192.168.2.61.1.1.10xe9b7Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.499407053 CEST192.168.2.61.1.1.10x8014Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.513819933 CEST192.168.2.61.1.1.10x17c5Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:07.725936890 CEST192.168.2.61.1.1.10xb505Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                                                        DNS Answers

                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                        Oct 7, 2024 21:18:06.417903900 CEST1.1.1.1192.168.2.60xc691Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.433094978 CEST1.1.1.1192.168.2.60x5efbName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.448349953 CEST1.1.1.1192.168.2.60xf6ebName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.461049080 CEST1.1.1.1192.168.2.60x8d6aName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.473948956 CEST1.1.1.1192.168.2.60x4899Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.485716105 CEST1.1.1.1192.168.2.60xc03bName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.497327089 CEST1.1.1.1192.168.2.60xe9b7Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.510207891 CEST1.1.1.1192.168.2.60x8014Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:06.522088051 CEST1.1.1.1192.168.2.60x17c5No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:07.747046947 CEST1.1.1.1192.168.2.60xb505No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false
                                                                                                                                                        Oct 7, 2024 21:18:07.747046947 CEST1.1.1.1192.168.2.60xb505No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false

                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                        • steamcommunity.com
                                                                                                                                                        • sergei-esenin.com

                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        0192.168.2.649711104.102.49.2544433040C:\Users\user\Desktop\file.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-10-07 19:18:07 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                        2024-10-07 19:18:07 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Date: Mon, 07 Oct 2024 19:18:07 GMT
                                                                                                                                                        Content-Length: 34837
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: sessionid=4fce918b41560a7a9b5c9cd0; Path=/; Secure; SameSite=None
                                                                                                                                                        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                        2024-10-07 19:18:07 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                        2024-10-07 19:18:07 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                                                        Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                                                        2024-10-07 19:18:07 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                                                        Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                                                        2024-10-07 19:18:07 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                        Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        1192.168.2.649713104.21.53.84433040C:\Users\user\Desktop\file.exe
                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                        2024-10-07 19:18:08 UTC264OUTPOST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 8
                                                                                                                                                        Host: sergei-esenin.com
                                                                                                                                                        2024-10-07 19:18:08 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                        Data Ascii: act=life
                                                                                                                                                        2024-10-07 19:18:08 UTC795INHTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 07 Oct 2024 19:18:08 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=cob1tq1o53nddb25o25uci4ebu; expires=Fri, 31 Jan 2025 13:04:47 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jfK4LTBTfkNkmy6rXv6T7i9RUTHka3nPmP0M4iRvpQ0vsw7upSUXc1dCtY3yjwNBtg70G7uOOYgO%2F5KvodI8tOec%2FWX5yvdhl7qeovYa3NAgqw21n0rZAh2KBXzGR2VyptxreA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8cf03c3db8b96a56-EWR
                                                                                                                                                        2024-10-07 19:18:08 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                        Data Ascii: aerror #D12
                                                                                                                                                        2024-10-07 19:18:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 0


                                                                                                                                                        Statistics

                                                                                                                                                        CPU Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        Memory Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                        System Behavior

                                                                                                                                                        General

                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:15:18:03
                                                                                                                                                        Start date:07/10/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                        Imagebase:0x3f0000
                                                                                                                                                        File size:1'861'632 bytes
                                                                                                                                                        MD5 hash:5D0BEEE43C279E20DF593C949090FA0A
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Disassembly

                                                                                                                                                        Reset < >

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:0.9%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:74.4%
                                                                                                                                                          Total number of Nodes:39
                                                                                                                                                          Total number of Limit Nodes:3
                                                                                                                                                          execution_graph 20505 433202 RtlAllocateHeap 20526 4399d0 20528 4399f5 20526->20528 20527 439b0e 20530 439a5f 20528->20530 20532 435bb0 LdrInitializeThunk 20528->20532 20530->20527 20533 435bb0 LdrInitializeThunk 20530->20533 20532->20530 20533->20527 20506 42d9cb 20508 42d9fb 20506->20508 20507 42da65 20508->20507 20510 435bb0 LdrInitializeThunk 20508->20510 20510->20508 20511 3fedb5 20514 3fedd0 20511->20514 20515 3ffca0 20514->20515 20518 3ffcdc 20515->20518 20516 3fef70 20518->20516 20519 433220 20518->20519 20520 4332a2 RtlFreeHeap 20519->20520 20521 4332ac 20519->20521 20522 433236 20519->20522 20520->20521 20521->20516 20522->20520 20544 40049b 20545 400227 20544->20545 20546 400455 20545->20546 20548 400308 20545->20548 20550 435700 20545->20550 20549 435700 2 API calls 20546->20549 20549->20548 20551 435797 20550->20551 20552 43571b 20550->20552 20554 43578c 20550->20554 20556 435729 20550->20556 20555 433220 RtlFreeHeap 20551->20555 20552->20551 20552->20554 20552->20556 20553 435776 RtlReAllocateHeap 20553->20554 20554->20546 20555->20554 20556->20553 20557 4364b8 20558 4363f2 20557->20558 20559 43646e 20558->20559 20561 435bb0 LdrInitializeThunk 20558->20561 20561->20559 20523 3fd110 20525 3fd119 20523->20525 20524 3fd2ee ExitProcess 20525->20524

                                                                                                                                                          Executed Functions

                                                                                                                                                          Function 003FFCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 25 3ffca0-3ffcda 26 3ffcdc-3ffcdf 25->26 27 3ffd0b-3ffe22 25->27 30 3ffce0-3ffd09 call 402690 26->30 28 3ffe5b-3ffe8c 27->28 29 3ffe24 27->29 33 3ffe8e-3ffe8f 28->33 34 3ffeb6-3ffec5 call 400b50 28->34 32 3ffe30-3ffe59 call 402760 29->32 30->27 32->28 37 3ffe90-3ffeb4 call 402700 33->37 41 3ffeca-3ffecf 34->41 37->34 43 3ffed5-3ffef8 41->43 44 3fffe4-3fffe6 41->44 45 3fff2b-3fff2d 43->45 46 3ffefa 43->46 47 4001b1-4001bb 44->47 49 3fff30-3fff3a 45->49 48 3fff00-3fff29 call 4027e0 46->48 48->45 51 3fff3c-3fff3f 49->51 52 3fff41-3fff49 49->52 51->49 51->52 54 3fff4f-3fff76 52->54 55 4001a2-4001ad call 433220 52->55 57 3fffab-3fffb5 54->57 58 3fff78 54->58 55->47 61 3fffeb 57->61 62 3fffb7-3fffbb 57->62 60 3fff80-3fffa9 call 402840 58->60 60->57 63 3fffed-3fffef 61->63 65 3fffc7-3fffcb 62->65 66 40019a 63->66 68 3ffff5-40002c 63->68 65->66 67 3fffd1-3fffd8 65->67 66->55 70 3fffde 67->70 71 3fffda-3fffdc 67->71 72 40005b-400065 68->72 73 40002e-40002f 68->73 74 3fffc0-3fffc5 70->74 75 3fffe0-3fffe2 70->75 71->70 77 4000a4 72->77 78 400067-40006f 72->78 76 400030-400059 call 4028a0 73->76 74->63 74->65 75->74 76->72 79 4000a6-4000a8 77->79 81 400087-40008b 78->81 79->66 83 4000ae-4000c5 79->83 81->66 82 400091-400098 81->82 85 40009a-40009c 82->85 86 40009e 82->86 87 4000c7 83->87 88 4000fb-400102 83->88 85->86 89 400080-400085 86->89 90 4000a0-4000a2 86->90 91 4000d0-4000f9 call 402900 87->91 92 400130-40013c 88->92 93 400104-40010d 88->93 89->79 89->81 90->89 91->88 94 4001c2-4001c7 92->94 96 400117-40011b 93->96 94->55 96->66 97 40011d-400124 96->97 99 400126-400128 97->99 100 40012a 97->100 99->100 101 400110-400115 100->101 102 40012c-40012e 100->102 101->96 103 400141-400143 101->103 102->101 103->66 104 400145-40015b 103->104 104->94 105 40015d-40015f 104->105 106 400163-400166 105->106 107 400168-400188 call 402030 106->107 108 4001bc 106->108 111 400192-400198 107->111 112 40018a-400190 107->112 108->94 111->94 112->106 112->111
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: J|BJ$V$VY^_$t
                                                                                                                                                          • API String ID: 0-3701112211
                                                                                                                                                          • Opcode ID: e05e90bea502082cdd2e9a7da92dd68087a141c82a5f1fbd0856ccdcbbc06196
                                                                                                                                                          • Instruction ID: c7c035ecfef4531fe44fe9b1987198e66b66a24cc3d34c62bc851b13a418348a
                                                                                                                                                          • Opcode Fuzzy Hash: e05e90bea502082cdd2e9a7da92dd68087a141c82a5f1fbd0856ccdcbbc06196
                                                                                                                                                          • Instruction Fuzzy Hash: 0BD176745083809BD311DF14959472FBBE1AF96B48F18882DF9C99B392C33ACD09DB96
                                                                                                                                                          Function 003FD110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 149 3fd110-3fd11b call 434cc0 152 3fd2ee-3fd2f6 ExitProcess 149->152 153 3fd121-3fd130 call 42c8d0 149->153 157 3fd2e9 call 4356e0 153->157 158 3fd136-3fd15f 153->158 157->152 162 3fd196-3fd1bf 158->162 163 3fd161 158->163 165 3fd1f6-3fd20c 162->165 166 3fd1c1 162->166 164 3fd170-3fd194 call 3fd300 163->164 164->162 167 3fd20e-3fd20f 165->167 168 3fd239-3fd23b 165->168 170 3fd1d0-3fd1f4 call 3fd370 166->170 171 3fd210-3fd237 call 3fd3e0 167->171 172 3fd23d-3fd25a 168->172 173 3fd286-3fd2aa 168->173 170->165 171->168 172->173 177 3fd25c-3fd25f 172->177 178 3fd2ac-3fd2af 173->178 179 3fd2d6 call 3fe8f0 173->179 183 3fd260-3fd284 call 3fd440 177->183 184 3fd2b0-3fd2d4 call 3fd490 178->184 185 3fd2db-3fd2dd 179->185 183->173 184->179 185->157 188 3fd2df-3fd2e4 call 402f10 call 400b40 185->188 188->157
                                                                                                                                                          APIs
                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 003FD2F1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                          • Opcode ID: efcb450b1356304b81b13ec9f77118b8ff21f5a903fec7a406f8f91205badf5d
                                                                                                                                                          • Instruction ID: 18cff345ca8ff572922160868b9aca42529a7a1623d6138e239f55c78b2e8d42
                                                                                                                                                          • Opcode Fuzzy Hash: efcb450b1356304b81b13ec9f77118b8ff21f5a903fec7a406f8f91205badf5d
                                                                                                                                                          • Instruction Fuzzy Hash: AD41697440D344ABC302BB64D688A2EFBF6EF52744F148C1DE6C49B252C339D8149BAB
                                                                                                                                                          Function 00435700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 194 435700-435714 195 4357b2 194->195 196 4357b0 194->196 197 435797-4357a5 call 433220 194->197 198 43571b-435722 194->198 199 435729-43574a 194->199 200 43578c-435795 call 4331a0 194->200 205 4357b4-4357b9 195->205 196->195 197->196 198->195 198->196 198->197 198->199 201 435776-43578a RtlReAllocateHeap 199->201 202 43574c-43574f 199->202 200->205 201->205 206 435750-435774 call 435b30 202->206 206->201
                                                                                                                                                          APIs
                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00435784
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 6ffa66cb29fb4d7d18402edf1442d6b0f34b1801691c377220107b2087fde430
                                                                                                                                                          • Instruction ID: c694a02ede9778145d1dc2c6301aa7c740fc7f551d138f86769007564f8f1a80
                                                                                                                                                          • Opcode Fuzzy Hash: 6ffa66cb29fb4d7d18402edf1442d6b0f34b1801691c377220107b2087fde430
                                                                                                                                                          • Instruction Fuzzy Hash: 4311A07591C240EBC311AF28E841A1FBBF5AF9A715F05982DE4C49B311D339D811CB9B
                                                                                                                                                          Function 00435BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 221 435bb0-435be2 LdrInitializeThunk
                                                                                                                                                          APIs
                                                                                                                                                          • LdrInitializeThunk.NTDLL(0043973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00435BDE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                          Function 0043695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 250 43695b-43696b call 434a20 253 436981-436a02 250->253 254 43696d 250->254 256 436a36-436a42 253->256 257 436a04 253->257 255 436970-43697f 254->255 255->253 255->255 259 436a85-436a9f 256->259 260 436a44-436a4f 256->260 258 436a10-436a34 call 4373e0 257->258 258->256 262 436a50-436a57 260->262 264 436a60-436a66 262->264 265 436a59-436a5c 262->265 264->259 267 436a68-436a7d call 435bb0 264->267 265->262 266 436a5e 265->266 266->259 269 436a82 267->269 269->259
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                          • Opcode ID: 191d5d22025441f8ba995667932cd7cd5eb3c25803f0540f27422c319281af53
                                                                                                                                                          • Instruction ID: e3d9aedee62fc4610885d474ce7fe5e93504f82b9e38d6ab6e18d44bd931ab83
                                                                                                                                                          • Opcode Fuzzy Hash: 191d5d22025441f8ba995667932cd7cd5eb3c25803f0540f27422c319281af53
                                                                                                                                                          • Instruction Fuzzy Hash: 7B31ACB1508302AFD714EF14D49072BB7F1EF8A344F04A82DE5C697361E3389904CB5A
                                                                                                                                                          Function 0040049B Relevance: .3, Instructions: 264COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 270 40049b-400515 call 3fc9f0 274 400440-400458 call 435700 270->274 275 400480 270->275 276 400242-400244 270->276 277 400482-400484 270->277 278 400246-400260 270->278 279 400386-40038c 270->279 280 400227-40023b 270->280 281 400308-40030c 270->281 282 4003ec-4003f4 270->282 283 400370-40037e 270->283 284 4003d0-4003d7 270->284 285 400311-400332 270->285 286 400472-400477 270->286 287 400393-400397 270->287 288 400356 270->288 289 400417-400430 270->289 290 400339-40034f 270->290 291 40045b-400469 call 435700 270->291 292 4003fb-400414 270->292 293 40051c-40051e 270->293 294 4003be 270->294 295 4003de-4003e3 270->295 296 40035f-400367 270->296 274->291 301 400296-4002bd 276->301 299 40048d-400496 277->299 302 400262 278->302 303 400294 278->303 279->275 279->277 279->286 279->287 280->274 280->275 280->276 280->277 280->278 280->279 280->281 280->282 280->283 280->284 280->285 280->286 280->287 280->288 280->289 280->290 280->291 280->292 280->294 280->295 280->296 281->299 282->275 282->277 282->286 282->287 282->292 283->279 284->275 284->277 284->279 284->282 284->286 284->287 284->289 284->292 284->295 285->274 285->275 285->277 285->279 285->282 285->283 285->284 285->286 285->287 285->288 285->289 285->290 285->291 285->292 285->294 285->295 285->296 286->275 312 4003a0-4003b7 287->312 288->296 289->274 290->274 290->275 290->277 290->279 290->282 290->283 290->284 290->286 290->287 290->288 290->289 290->291 290->292 290->294 290->295 290->296 291->286 292->289 297 400520-400b30 293->297 294->284 295->282 296->283 299->297 304 4002ea-400301 301->304 305 4002bf 301->305 313 400270-400292 call 402eb0 302->313 303->301 304->274 304->275 304->277 304->279 304->281 304->282 304->283 304->284 304->285 304->286 304->287 304->288 304->289 304->290 304->291 304->292 304->294 304->295 304->296 314 4002c0-4002e8 call 402e70 305->314 312->274 312->275 312->277 312->279 312->282 312->284 312->286 312->287 312->289 312->291 312->292 312->294 312->295 313->303 314->304
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 64aff05e4678cc82378d37e92e868f0fe33ee26d82aac00a21067578c1bef93e
                                                                                                                                                          • Instruction ID: 13ff6893938f3b2d19df60683279111777f4436a6bf3ce6933e2adc4b71dd2b7
                                                                                                                                                          • Opcode Fuzzy Hash: 64aff05e4678cc82378d37e92e868f0fe33ee26d82aac00a21067578c1bef93e
                                                                                                                                                          • Instruction Fuzzy Hash: 6D915875600B00CFD7288F25E894B16B7F6FB89314F118A7DE8568BAA1D734E819CB94
                                                                                                                                                          Function 00400228 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 324 400228-40023b 325 400440-400458 call 435700 324->325 326 400480 324->326 327 400242-400244 324->327 328 400482-400484 324->328 329 400246-400260 324->329 330 400386-40038c 324->330 331 400308-40030c 324->331 332 4003ec-4003f4 324->332 333 400370-40037e 324->333 334 4003d0-4003d7 324->334 335 400311-400332 324->335 336 400472-400477 324->336 337 400393-400397 324->337 338 400356 324->338 339 400417-400430 324->339 340 400339-40034f 324->340 341 40045b-400469 call 435700 324->341 342 4003fb-400414 324->342 343 4003be 324->343 344 4003de-4003e3 324->344 345 40035f-400367 324->345 325->341 349 400296-4002bd 327->349 347 40048d-400b30 328->347 350 400262 329->350 351 400294 329->351 330->326 330->328 330->336 330->337 331->347 332->326 332->328 332->336 332->337 332->342 333->330 334->326 334->328 334->330 334->332 334->336 334->337 334->339 334->342 334->344 335->325 335->326 335->328 335->330 335->332 335->333 335->334 335->336 335->337 335->338 335->339 335->340 335->341 335->342 335->343 335->344 335->345 336->326 360 4003a0-4003b7 337->360 338->345 339->325 340->325 340->326 340->328 340->330 340->332 340->333 340->334 340->336 340->337 340->338 340->339 340->341 340->342 340->343 340->344 340->345 341->336 342->339 343->334 344->332 345->333 352 4002ea-400301 349->352 353 4002bf 349->353 361 400270-400292 call 402eb0 350->361 351->349 352->325 352->326 352->328 352->330 352->331 352->332 352->333 352->334 352->335 352->336 352->337 352->338 352->339 352->340 352->341 352->342 352->343 352->344 352->345 362 4002c0-4002e8 call 402e70 353->362 360->325 360->326 360->328 360->330 360->332 360->334 360->336 360->337 360->339 360->341 360->342 360->343 360->344 361->351 362->352
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0640c4c040b98fa4c20b501acf0c99cf61c72d78b818f8477b473a4fcfa84034
                                                                                                                                                          • Instruction ID: da8f7c49756e242ffa2b27cf56eb66054a516182c5de0e8bcbeec9cec1860f26
                                                                                                                                                          • Opcode Fuzzy Hash: 0640c4c040b98fa4c20b501acf0c99cf61c72d78b818f8477b473a4fcfa84034
                                                                                                                                                          • Instruction Fuzzy Hash: B9716874600700DFD7288F25E894B16B7F6FF8A314F10897DE8468BAA2D735E819CB64
                                                                                                                                                          Function 004399D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e946eedec42760ea25128a15e545c4aa6502139cb319aaae2b41939143bcde54
                                                                                                                                                          • Instruction ID: 17c6d04c049d77bf57d48677e0b6c5bbbc54ddcc28ab424e23b9710346445f9e
                                                                                                                                                          • Opcode Fuzzy Hash: e946eedec42760ea25128a15e545c4aa6502139cb319aaae2b41939143bcde54
                                                                                                                                                          • Instruction Fuzzy Hash: 2341A134208340ABDB14EB15E890B2BF7E5EB89714F24992EF5C597351D379EC01CB5A
                                                                                                                                                          Function 004363B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 08fadab7a47c9065d319153f55765b7dc4b4afd4df15fc431cced957b9d27dfd
                                                                                                                                                          • Instruction ID: 234d55a1c5001634fe021f551a0a290e5ff48c6623638758697b492d7601f710
                                                                                                                                                          • Opcode Fuzzy Hash: 08fadab7a47c9065d319153f55765b7dc4b4afd4df15fc431cced957b9d27dfd
                                                                                                                                                          • Instruction Fuzzy Hash: E0312274648302BBDA24DB04CD82F3BB7A1EB99B15F64A52DF5815B2E1C374A8118B1E
                                                                                                                                                          Function 00400EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 48de13846b729e00c6bec52f5e4e35252eca75d54205b5491f6ef102669c27e2
                                                                                                                                                          • Instruction ID: e84ae36cce0bbf7f5f9ecb354928b5c86119ab099444ae0f40993c7f9f3027d6
                                                                                                                                                          • Opcode Fuzzy Hash: 48de13846b729e00c6bec52f5e4e35252eca75d54205b5491f6ef102669c27e2
                                                                                                                                                          • Instruction Fuzzy Hash: B921FAB4A0021A9FDB15CF94DC90BBEBBB1FB4A304F144859E911BB391C775A911CB68
                                                                                                                                                          Function 00433220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 211 433220-43322f 212 4332a2-4332a6 RtlFreeHeap 211->212 213 4332a0 211->213 214 433236-433252 211->214 215 4332ac-4332b0 211->215 212->215 213->212 216 433286-433296 214->216 217 433254 214->217 216->213 218 433260-433284 call 435af0 217->218 218->216
                                                                                                                                                          APIs
                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000), ref: 004332A6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                          • Opcode ID: 31b7fd4f03cdffc6bcc5aef7e7b047b2418027e85846db0144bc4cc4eca4e39f
                                                                                                                                                          • Instruction ID: a3ec0b617c437520696d5fcb34f94091c583c8b21f4f8a27028363afdd466165
                                                                                                                                                          • Opcode Fuzzy Hash: 31b7fd4f03cdffc6bcc5aef7e7b047b2418027e85846db0144bc4cc4eca4e39f
                                                                                                                                                          • Instruction Fuzzy Hash: 49016D3450D2409BC701EF18E845A1ABBE8EF5AB01F054C6CE5C58B361D339DD60DB96
                                                                                                                                                          Function 00433202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 222 433202-433211 RtlAllocateHeap
                                                                                                                                                          APIs
                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00433208
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 931e50b8446888c30bb45f735b7901db1edbb22ffa01322435b9536523424fc2
                                                                                                                                                          • Instruction ID: 151f70f714c2580ef69141e0279d38aae973cc4ae4c3bbfb0ee5931390f6c399
                                                                                                                                                          • Opcode Fuzzy Hash: 931e50b8446888c30bb45f735b7901db1edbb22ffa01322435b9536523424fc2
                                                                                                                                                          • Instruction Fuzzy Hash: BEB012344400005FDA041B00EC0AF003510EB00605F800070A100040B1D5655864C558

                                                                                                                                                          Non-executed Functions

                                                                                                                                                          Function 004223E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                                                          • API String ID: 0-2260822535
                                                                                                                                                          • Opcode ID: 0a1627728179718f9cd8b468c5cbfd9451bd9d7d1a6ce1b81746a5da596b05bb
                                                                                                                                                          • Instruction ID: 405179297a7f5e2aa15d697b725542e25cc487b3835b5fa8c8d95d7b35bc2fc6
                                                                                                                                                          • Opcode Fuzzy Hash: 0a1627728179718f9cd8b468c5cbfd9451bd9d7d1a6ce1b81746a5da596b05bb
                                                                                                                                                          • Instruction Fuzzy Hash: 5C33DE70204B918BD7218F39D590763BBF1BF56304F98499EE4D68BB82C739E806CB65
                                                                                                                                                          Function 0040DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                                          • API String ID: 2994545307-1418943773
                                                                                                                                                          • Opcode ID: ef2d95a3c69fbd33a0165baa6a5b4c8327760dac8ccb4971085add69204be7fa
                                                                                                                                                          • Instruction ID: 603c1eb5d0708fa7cf997c5630d779b08899166a5da6a420eed03a60ce734eb9
                                                                                                                                                          • Opcode Fuzzy Hash: ef2d95a3c69fbd33a0165baa6a5b4c8327760dac8ccb4971085add69204be7fa
                                                                                                                                                          • Instruction Fuzzy Hash: 54F28AB05083819BD770CF15C884BABBBE1BFD5304F144C2EE4C99B292D7399999CB96
                                                                                                                                                          Function 00419F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                                          • API String ID: 0-1131134755
                                                                                                                                                          • Opcode ID: b6e5b244f1c7309c16b68bcf0f757e02463d3da60e01c03c10d5e31297267c56
                                                                                                                                                          • Instruction ID: c6130cf593262c5134abae196fb197af511adadc7cb08b73e059b46f49c47747
                                                                                                                                                          • Opcode Fuzzy Hash: b6e5b244f1c7309c16b68bcf0f757e02463d3da60e01c03c10d5e31297267c56
                                                                                                                                                          • Instruction Fuzzy Hash: A152C7B804D385CAE230CF25D581B8EBAF1BB92740F608A1EE1ED5B255DB748085CF97
                                                                                                                                                          Function 00419510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                                          • API String ID: 0-655414846
                                                                                                                                                          • Opcode ID: db7a033964a49ecb8dccf9746fc88d00b46c601e1e770525850203c548689519
                                                                                                                                                          • Instruction ID: 9f03c57a5d47abc839588415399803ef29345b6c537316706576df7fa5007f6f
                                                                                                                                                          • Opcode Fuzzy Hash: db7a033964a49ecb8dccf9746fc88d00b46c601e1e770525850203c548689519
                                                                                                                                                          • Instruction Fuzzy Hash: 65F14FB4108380ABD310DF15D890A6BBBF4FB8AB48F044D1DF5D59B252D378D948CBAA
                                                                                                                                                          Function 0041DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: A$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rA$upH}${E$A
                                                                                                                                                          • API String ID: 0-836097396
                                                                                                                                                          • Opcode ID: 780a75c610512e1c00ee623fa150f2f6220d7cdd52d286065ee9e0c33d8e3842
                                                                                                                                                          • Instruction ID: 54757cdba27ad45ca541228f6dce1659266aca70f95533c129a90cb66eacaa22
                                                                                                                                                          • Opcode Fuzzy Hash: 780a75c610512e1c00ee623fa150f2f6220d7cdd52d286065ee9e0c33d8e3842
                                                                                                                                                          • Instruction Fuzzy Hash: EE921575E00215CFDB04CF69D8417AEBBB2FF4A310F298169E816AB3A1D735AD41CB94
                                                                                                                                                          Function 0041098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                                          • API String ID: 0-4102007303
                                                                                                                                                          • Opcode ID: 630b233a7fddcb991cb948b44c20371cc567fd67608407b0d64367b17bc7ea47
                                                                                                                                                          • Instruction ID: a20d8a4044c223dacc2765009a2280ae13758d7065726667636a8669d0989694
                                                                                                                                                          • Opcode Fuzzy Hash: 630b233a7fddcb991cb948b44c20371cc567fd67608407b0d64367b17bc7ea47
                                                                                                                                                          • Instruction Fuzzy Hash: DB62CBB56083818BD730CF14D891BABBBE1FF96314F04492EE59A8B751E3799880CB57
                                                                                                                                                          Function 003F1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                                          • API String ID: 0-2517803157
                                                                                                                                                          • Opcode ID: 2118ac0bbdfe7e985c203db021fb55e6a8422896e409ded0d13020e5983852ad
                                                                                                                                                          • Instruction ID: bb5319dbb74d03f28e2565f29955355583555c77c8168f6d1db0e8b9587701fc
                                                                                                                                                          • Opcode Fuzzy Hash: 2118ac0bbdfe7e985c203db021fb55e6a8422896e409ded0d13020e5983852ad
                                                                                                                                                          • Instruction Fuzzy Hash: 38D2F2716083458FC71ACE28C49037ABBE2AFD9314F198A2DE699CB391D774DD45CB82
                                                                                                                                                          Function 005B6514 Relevance: 7.9, Strings: 5, Instructions: 1620COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: .%1$W1~z$ju4$pdZK$zP~z
                                                                                                                                                          • API String ID: 0-3575694155
                                                                                                                                                          • Opcode ID: ce94a271566624a6854bef767d15e9370203398a2fa9f861abf39fa4fe5eef19
                                                                                                                                                          • Instruction ID: 7583c7ff5e99b5fc1dae0b519459d330f5d55c9adbe35fdd3b407d17bca31c47
                                                                                                                                                          • Opcode Fuzzy Hash: ce94a271566624a6854bef767d15e9370203398a2fa9f861abf39fa4fe5eef19
                                                                                                                                                          • Instruction Fuzzy Hash: 84B206F36082049FE304AE2DDC8577ABBE5EFD4720F1A893DE6C4C7744EA3598058696
                                                                                                                                                          Function 005C0572 Relevance: 7.9, Strings: 5, Instructions: 1613COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: .vy$m{b/$rs$v>$q7o
                                                                                                                                                          • API String ID: 0-1356770988
                                                                                                                                                          • Opcode ID: a08ae4ce616d103bcfa17bca854a9df2f70b021cb88f80248b0b7b0b6324c382
                                                                                                                                                          • Instruction ID: 63b0c3978cf1d235b3d0126d59e150c2429639fb3461889ab76d1407f307c7d7
                                                                                                                                                          • Opcode Fuzzy Hash: a08ae4ce616d103bcfa17bca854a9df2f70b021cb88f80248b0b7b0b6324c382
                                                                                                                                                          • Instruction Fuzzy Hash: 7BB2F5F3A082109FE3046E2DEC8567AFBE5EF94720F1A493DEAC4C7744EA3558018697
                                                                                                                                                          Function 005AC4F4 Relevance: 7.8, Strings: 5, Instructions: 1546COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: *"vr$ARwi$JC|$PNqn$`,O
                                                                                                                                                          • API String ID: 0-4239151392
                                                                                                                                                          • Opcode ID: 3b0fb34a9321d8c3c42453bdf9a0c27ef990460a93379659bc9cd24bcf523c7e
                                                                                                                                                          • Instruction ID: bac05a56494d1371a27be465dda34453802dc8d0061df8298f85195106e5750b
                                                                                                                                                          • Opcode Fuzzy Hash: 3b0fb34a9321d8c3c42453bdf9a0c27ef990460a93379659bc9cd24bcf523c7e
                                                                                                                                                          • Instruction Fuzzy Hash: 3DB207F3A0C200AFE7046E2DEC8567AFBE9EF94720F1A492DE6C4C7344E67558418697
                                                                                                                                                          Function 003F12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0$0$0$@$i
                                                                                                                                                          • API String ID: 0-3124195287
                                                                                                                                                          • Opcode ID: 62f37a319320d86c5745a04560d6b0fd8bd1eb9b226de48ab30e4394ab5e1912
                                                                                                                                                          • Instruction ID: 27b538f33304b28a555c5bb3bd8cbbf54add50274c7f98a9c6320cd3ba9771eb
                                                                                                                                                          • Opcode Fuzzy Hash: 62f37a319320d86c5745a04560d6b0fd8bd1eb9b226de48ab30e4394ab5e1912
                                                                                                                                                          • Instruction Fuzzy Hash: 0C62B07160C386CBC31ACE28C49077BBBE1ABD5344F198A2DE9D987291D774D949CB82
                                                                                                                                                          Function 003F164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                          • API String ID: 0-1123320326
                                                                                                                                                          • Opcode ID: 17c51835f413b66d379d1c66029608f9502ef8d33c9167a741fc599d29f5a3c8
                                                                                                                                                          • Instruction ID: eb3975ed9b4a705d3d65c16c79efc2aaa4e69a3ea70039f9ee12bcd08bed8c1e
                                                                                                                                                          • Opcode Fuzzy Hash: 17c51835f413b66d379d1c66029608f9502ef8d33c9167a741fc599d29f5a3c8
                                                                                                                                                          • Instruction Fuzzy Hash: 1DF1C13160C3858FC71ACE29C48426BFBE2AFD9304F198A6DE5D987352D774D948CB92
                                                                                                                                                          Function 005AA949 Relevance: 6.6, Strings: 4, Instructions: 1641COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 4_$?vz$rf:$N}>
                                                                                                                                                          • API String ID: 0-3063610063
                                                                                                                                                          • Opcode ID: 1c506be0e1bdabf522c65b8a492ad72a42c143bc4dd1eab262ddd6ceef6fa72e
                                                                                                                                                          • Instruction ID: 2610cfc97e47f853415e38611fc9f256ffebe47d4bc78de6397690bced18cb41
                                                                                                                                                          • Opcode Fuzzy Hash: 1c506be0e1bdabf522c65b8a492ad72a42c143bc4dd1eab262ddd6ceef6fa72e
                                                                                                                                                          • Instruction Fuzzy Hash: 21B2F6F360C2049FE304AE2DDC8567AB7EAEFD4720F1A893DE6C5C7744E63598018696
                                                                                                                                                          Function 003F13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                          • API String ID: 0-3620105454
                                                                                                                                                          • Opcode ID: f71f4add3d2aedce12ccbaef78ae3a1ae9ebf0deb06742fb72abae86b1966d11
                                                                                                                                                          • Instruction ID: 0d1ec8c41dfa295eab0ae79580072071cd367d5bb3cff6a1fff49a8fae36027f
                                                                                                                                                          • Opcode Fuzzy Hash: f71f4add3d2aedce12ccbaef78ae3a1ae9ebf0deb06742fb72abae86b1966d11
                                                                                                                                                          • Instruction Fuzzy Hash: FAD1AF3160C7858FC71ACE29C48026AFBE2AFD9304F09CA6DE5D987356D734D949CB52
                                                                                                                                                          Function 005AF913 Relevance: 6.6, Strings: 4, Instructions: 1594COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 4J9$;g_N$[E#$hYy
                                                                                                                                                          • API String ID: 0-1829557573
                                                                                                                                                          • Opcode ID: 6839e6a43bc3d535215a73b265ce575bcd12159014d19adeb48f2779a0c1169d
                                                                                                                                                          • Instruction ID: 7d7676fe72dd39940d3532e7b1a1b3b16753cd844eec42cb54357550cead42d8
                                                                                                                                                          • Opcode Fuzzy Hash: 6839e6a43bc3d535215a73b265ce575bcd12159014d19adeb48f2779a0c1169d
                                                                                                                                                          • Instruction Fuzzy Hash: 1BB219F39082049FE3046E2DEC8577ABBE9EF94720F1A4A3DEAC4D7740E63558148697
                                                                                                                                                          Function 005ADEAB Relevance: 6.6, Strings: 4, Instructions: 1560COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 6Oq$#~~$C3~$_
                                                                                                                                                          • API String ID: 0-448334524
                                                                                                                                                          • Opcode ID: 4512adadc62631decc62bd5d9e5c0f4de060ed48ae265a2b34e7f4522c92baab
                                                                                                                                                          • Instruction ID: 10df396804833fe96a43f6509529aef20cee63fae14ca8c865bd9f8193e65fe4
                                                                                                                                                          • Opcode Fuzzy Hash: 4512adadc62631decc62bd5d9e5c0f4de060ed48ae265a2b34e7f4522c92baab
                                                                                                                                                          • Instruction Fuzzy Hash: 2FB2E5F390C204AFE3046E2DEC8567AFBE9EF94720F16893DE6C487744EA3558448697
                                                                                                                                                          Function 0041FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: :$NA_I$m1s3$uvw
                                                                                                                                                          • API String ID: 0-3973114637
                                                                                                                                                          • Opcode ID: 8a9c1c3d03fb9d405939d3b309f9f8fbd5f36fc696dc35288709fdcb6d2a4494
                                                                                                                                                          • Instruction ID: ab85fc60ec83202254f1e97af839788e5460bc91e009655f33253147668693fd
                                                                                                                                                          • Opcode Fuzzy Hash: 8a9c1c3d03fb9d405939d3b309f9f8fbd5f36fc696dc35288709fdcb6d2a4494
                                                                                                                                                          • Instruction Fuzzy Hash: 0D32CCB4608380DFD301DF29E880A2BBBE1AB8A304F54496DF5D58B362D339D955CF5A
                                                                                                                                                          Function 00403BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($;z$p$ss
                                                                                                                                                          • API String ID: 0-2391135358
                                                                                                                                                          • Opcode ID: 7eace5856b0d9f2d3ee402b9235eadcc41d1fb8e0ccb7385182320e719acd0e5
                                                                                                                                                          • Instruction ID: c562404905f88f925c7cfb91ca9ce029ed4e11f2f0384f7f74e6dcfa69ab881d
                                                                                                                                                          • Opcode Fuzzy Hash: 7eace5856b0d9f2d3ee402b9235eadcc41d1fb8e0ccb7385182320e719acd0e5
                                                                                                                                                          • Instruction Fuzzy Hash: A8027BB4810B009FD720EF25D986717BFF5FB02301F50496DE89A9B686E334A419CBA6
                                                                                                                                                          Function 00412260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: a|$hu$lc$sj
                                                                                                                                                          • API String ID: 0-3748788050
                                                                                                                                                          • Opcode ID: 6559259b69d5d9a317b21068f12a575fed7be2d92d858f28113629dbbbbc077e
                                                                                                                                                          • Instruction ID: 0add19660f77ca1c2fbde4dc55ec75d3c5397429ada35a5eeb94d786e1f5b0f1
                                                                                                                                                          • Opcode Fuzzy Hash: 6559259b69d5d9a317b21068f12a575fed7be2d92d858f28113629dbbbbc077e
                                                                                                                                                          • Instruction Fuzzy Hash: BBA1ABB44083418BC720DF18C891A6BB7F0FF96354F148A0DE8D99B391E379D991CB9A
                                                                                                                                                          Function 005BB545 Relevance: 5.3, Strings: 3, Instructions: 1592COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: #Ft{$*fzy$^,D
                                                                                                                                                          • API String ID: 0-2287951629
                                                                                                                                                          • Opcode ID: db827aaf86ac65ae40ec9a655a6631616ce60b5fc134ecbfdfa7d861c47f427b
                                                                                                                                                          • Instruction ID: 680cb922be4e03d57127b03a0d54c310a9e7e0ca2b0f3efee3324f7df45f2868
                                                                                                                                                          • Opcode Fuzzy Hash: db827aaf86ac65ae40ec9a655a6631616ce60b5fc134ecbfdfa7d861c47f427b
                                                                                                                                                          • Instruction Fuzzy Hash: 81B2F8F360C2009FE304AE2DEC9567AFBE9EF94720F1A493DE6C583744EA7558018697
                                                                                                                                                          Function 0041D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: #'$CV$KV$T>
                                                                                                                                                          • API String ID: 0-95592268
                                                                                                                                                          • Opcode ID: d2a5d1a2a77a6f66624d1b8cee0e71648b238a8ac00bb8f6425b9cf98d0fe818
                                                                                                                                                          • Instruction ID: edb38c4d1925ab43dac69dca9f1bb92d554e215777fd1b8fbdcf2243805ea954
                                                                                                                                                          • Opcode Fuzzy Hash: d2a5d1a2a77a6f66624d1b8cee0e71648b238a8ac00bb8f6425b9cf98d0fe818
                                                                                                                                                          • Instruction Fuzzy Hash: 808155F4801B459BCB20DF95D28519EBFB1FF12300F60460DE4866BA55C334AA55CFE6
                                                                                                                                                          Function 005B4C1D Relevance: 5.2, Strings: 3, Instructions: 1457COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %5F$rzn[$4T
                                                                                                                                                          • API String ID: 0-3699357818
                                                                                                                                                          • Opcode ID: c6e2e64a057c550ab901708ac7b7c7d9f876acdaee7e90e08f651a7f8750efe2
                                                                                                                                                          • Instruction ID: 4501fe0fb2e09acaf0649970a6995f398175b46ca2102250fc6c128731421617
                                                                                                                                                          • Opcode Fuzzy Hash: c6e2e64a057c550ab901708ac7b7c7d9f876acdaee7e90e08f651a7f8750efe2
                                                                                                                                                          • Instruction Fuzzy Hash: CFA238F3A086009FE3046E2DEC8577ABBEAEFD4720F1A493DE6C4C7744E53598058696
                                                                                                                                                          Function 0041AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                                          • API String ID: 0-1327526056
                                                                                                                                                          • Opcode ID: feb7a23a5dfb773ab9e414442b8b4d7ddd391be194e7ea0a496c5d5bc6b80a4f
                                                                                                                                                          • Instruction ID: 2cf1c17f54724a54a06820cf45063fec65c2b574912a3c434236ef1e1c26e903
                                                                                                                                                          • Opcode Fuzzy Hash: feb7a23a5dfb773ab9e414442b8b4d7ddd391be194e7ea0a496c5d5bc6b80a4f
                                                                                                                                                          • Instruction Fuzzy Hash: 874167B4409381CBD7209F20D900BABB7F4FF86305F54596EE5C897261DB39D984CB9A
                                                                                                                                                          Function 005BCF47 Relevance: 4.2, Strings: 2, Instructions: 1669COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: G'o-$|tr
                                                                                                                                                          • API String ID: 0-1258344055
                                                                                                                                                          • Opcode ID: db630ac0583bd63fb3bdca7cf9caebb1454a9d7f6aafedd9377cb2f4f6ecfa2e
                                                                                                                                                          • Instruction ID: c61d5c4854bc818ee8996906459dfab8f86f5e1f55cac351e8f5488e9a00ffee
                                                                                                                                                          • Opcode Fuzzy Hash: db630ac0583bd63fb3bdca7cf9caebb1454a9d7f6aafedd9377cb2f4f6ecfa2e
                                                                                                                                                          • Instruction Fuzzy Hash: 9EB2F6F360C6149FE304AE29EC8567ABBE9EF94320F16493DEAC5C7740EA3558018797
                                                                                                                                                          Function 0041C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($%*+($~/i!
                                                                                                                                                          • API String ID: 0-4033100838
                                                                                                                                                          • Opcode ID: 48581cf0f81b573b22c2d7e40b11ba2e881316ad6816c5caa6b3c87753f64d35
                                                                                                                                                          • Instruction ID: 2d75b386f74a155189ebfed1de9f4e218aa58d265fb3990618ed6efe3a249ed0
                                                                                                                                                          • Opcode Fuzzy Hash: 48581cf0f81b573b22c2d7e40b11ba2e881316ad6816c5caa6b3c87753f64d35
                                                                                                                                                          • Instruction Fuzzy Hash: A6E1A7B5518340DFE3209F24D881B6BBBF5FB86344F48882DE5C987261D735D851CB96
                                                                                                                                                          Function 003F35B0 Relevance: 4.2, Strings: 3, Instructions: 411COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: !,:U$Inf$NaN
                                                                                                                                                          • API String ID: 0-52839475
                                                                                                                                                          • Opcode ID: 5bace6e06c3731b062932a1dd6c2077f90a828ab41fbbb193385b2363cca4c15
                                                                                                                                                          • Instruction ID: 31855e1639de425b434bd2af324a9dfd3b8d2170b7a2c79a49f04494ff9255ca
                                                                                                                                                          • Opcode Fuzzy Hash: 5bace6e06c3731b062932a1dd6c2077f90a828ab41fbbb193385b2363cca4c15
                                                                                                                                                          • Instruction Fuzzy Hash: 4BD1F571A083159BC705CF29C98062FB7E5EBC8750F158A3DFA99973A0E775DD048B82
                                                                                                                                                          Function 003F8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: )$)$IEND
                                                                                                                                                          • API String ID: 0-588110143
                                                                                                                                                          • Opcode ID: 3bec17d627afc5408f834f195624325a81e1043b56294efd69c94c426078213a
                                                                                                                                                          • Instruction ID: 6d66a7330dd525dba9a5a5ff5952e17a8f61bc85ee4768adf031155a0ddb4680
                                                                                                                                                          • Opcode Fuzzy Hash: 3bec17d627afc5408f834f195624325a81e1043b56294efd69c94c426078213a
                                                                                                                                                          • Instruction Fuzzy Hash: 3BE1E1B1A0870A9FE715CF28C88172ABBE0FB94314F14492DE6959B381DB75E915CBC2
                                                                                                                                                          Function 005B2FE8 Relevance: 4.0, Strings: 2, Instructions: 1520COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: [!75$oW=
                                                                                                                                                          • API String ID: 0-1512781667
                                                                                                                                                          • Opcode ID: fb9512b93e63fb31ae4b67ee3a0f3e1214dab0585183fd2de052fdbb92c30a48
                                                                                                                                                          • Instruction ID: 2afff7469b48fad3425f03a6f73221e13abb67750532523bc7da81992de7e43b
                                                                                                                                                          • Opcode Fuzzy Hash: fb9512b93e63fb31ae4b67ee3a0f3e1214dab0585183fd2de052fdbb92c30a48
                                                                                                                                                          • Instruction Fuzzy Hash: 45A217F3A0C2049FE3046F29EC8567ABBE5EF94720F164A3DEAC487744EA3558148797
                                                                                                                                                          Function 00434040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($f
                                                                                                                                                          • API String ID: 0-2038831151
                                                                                                                                                          • Opcode ID: 49bd2f1ff6c8ec740440a596fce18315c2f550b7d5c239b823a981bf21f4e49c
                                                                                                                                                          • Instruction ID: 4f0228a1993e082b56d4c75eccc1597e9e8992924fd5e3185978e62f0d0e4b11
                                                                                                                                                          • Opcode Fuzzy Hash: 49bd2f1ff6c8ec740440a596fce18315c2f550b7d5c239b823a981bf21f4e49c
                                                                                                                                                          • Instruction Fuzzy Hash: 53129A716083419FCB14CF18C880A6FBBE1FBC9314F189A2EF5949B391D739E9458B96
                                                                                                                                                          Function 0042F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: dg$hi
                                                                                                                                                          • API String ID: 0-2859417413
                                                                                                                                                          • Opcode ID: 3a5ecd43d99c72acecbeb573916ded1ede19bf6d5e9a9d40c54d797f27ac9c8f
                                                                                                                                                          • Instruction ID: a3c7a87ce42396305a6c207f58b82c91c5ddd3385893d548ae42ce0f63b037bc
                                                                                                                                                          • Opcode Fuzzy Hash: 3a5ecd43d99c72acecbeb573916ded1ede19bf6d5e9a9d40c54d797f27ac9c8f
                                                                                                                                                          • Instruction Fuzzy Hash: ACF19575618301EFE704DF24D891B2ABBF5FB86344F94992DF4858B2A1C738D849CB1A
                                                                                                                                                          Function 0040FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: BaBc$Ye[g
                                                                                                                                                          • API String ID: 0-286865133
                                                                                                                                                          • Opcode ID: a3184f3821e5ab85771e54dbe990f87ff8d792c4abea6f952cb9972d19bdc9ba
                                                                                                                                                          • Instruction ID: cb8561ab5626105f1930a0cf915a00450479fa0a427b9684cf62073998ef547e
                                                                                                                                                          • Opcode Fuzzy Hash: a3184f3821e5ab85771e54dbe990f87ff8d792c4abea6f952cb9972d19bdc9ba
                                                                                                                                                          • Instruction Fuzzy Hash: 2C51ACB16083818BD731CF14C481BABB7E0FF96350F18491EE4998B751E3B89980CB5B
                                                                                                                                                          Function 003F5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %1.17g
                                                                                                                                                          • API String ID: 0-1551345525
                                                                                                                                                          • Opcode ID: 80c520fdc587a59a14b863acb2708b8550c3a944706e312552a52c14d9d12c55
                                                                                                                                                          • Instruction ID: aba7236510e5f2154d71c435ce682432fea87c7822032940ef52f47ec6398dff
                                                                                                                                                          • Opcode Fuzzy Hash: 80c520fdc587a59a14b863acb2708b8550c3a944706e312552a52c14d9d12c55
                                                                                                                                                          • Instruction Fuzzy Hash: 7622F3B6A08B4ACBE7168E18D940336BBE2AFE1344F1E856DDB598B351E771DC08C741
                                                                                                                                                          Function 004212D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: "
                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                          • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                          • Instruction ID: 2f0568e2faafb02ab109ed01f1d85f5ea5d0041f69b900967f387bfa3873329d
                                                                                                                                                          • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                          • Instruction Fuzzy Hash: A9F16971B083615FC724CE24D480A3BBBE6AFE5344F58C56EE889873A2D638DD05C796
                                                                                                                                                          Function 0041AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: b3b4e7745ca5a0d6066c23faa3726ccbfed6341c257b00859ab1decf8a774283
                                                                                                                                                          • Instruction ID: 515ad5fdbcdcf305c8f000fdc281664c9cb8e47c88a183d9809378f4cbb8ecf7
                                                                                                                                                          • Opcode Fuzzy Hash: b3b4e7745ca5a0d6066c23faa3726ccbfed6341c257b00859ab1decf8a774283
                                                                                                                                                          • Instruction Fuzzy Hash: FCE1BC75508306CBC724DF24C4905ABB7E2FF99781F54892DE8D587320E338E999CB8A
                                                                                                                                                          Function 00406EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: e2dd7d14c39f7f730b73593db715b5216dab881620a6948a57057e1b98212582
                                                                                                                                                          • Instruction ID: cc7f54498cb9df41f5f4faa37302e81f5dd41a949068a279fe59706cbf5161b2
                                                                                                                                                          • Opcode Fuzzy Hash: e2dd7d14c39f7f730b73593db715b5216dab881620a6948a57057e1b98212582
                                                                                                                                                          • Instruction Fuzzy Hash: 85F1BEB5A00705CFD7259F24D981A26B3F2FF48314B15993EE58787A91EB38F825CB48
                                                                                                                                                          Function 00417E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 71d591068a07db4e6726d9a158163f31e9e18953af10b2e18aaa2b06bf8d1ea7
                                                                                                                                                          • Instruction ID: ec5b88168d1fecd9422f20fb8d4fa75b614dbcea0b5b2c06f8e0709dcbf32f5d
                                                                                                                                                          • Opcode Fuzzy Hash: 71d591068a07db4e6726d9a158163f31e9e18953af10b2e18aaa2b06bf8d1ea7
                                                                                                                                                          • Instruction Fuzzy Hash: 1DC1DF72508204ABD711EB14C881A6BB7F5EF96354F08481EF8C58B351E739EC95CBAB
                                                                                                                                                          Function 00418D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 4ac8180c533bae95c6f19633998702b5fbea8bbe0e07e50aaa7b5c8b866e2b83
                                                                                                                                                          • Instruction ID: bca0592b34946f5fa30777d82aadab4b8d2f3edbc284863e133dacdf976d036c
                                                                                                                                                          • Opcode Fuzzy Hash: 4ac8180c533bae95c6f19633998702b5fbea8bbe0e07e50aaa7b5c8b866e2b83
                                                                                                                                                          • Instruction Fuzzy Hash: 70D1DCB4A18302DFD704DF68D890A6AB7E5FF8A304F09487DE98687391D738E864CB55
                                                                                                                                                          Function 00404487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: BI@
                                                                                                                                                          • API String ID: 0-3677893984
                                                                                                                                                          • Opcode ID: 0c5a979ec33d9b92785b112b52c38ac79ee87f51aca7ee2985f31cdd2b4b6de2
                                                                                                                                                          • Instruction ID: bc622bf6d53b53d138f3e6e73d89e1572a63ea16fa8acca3edfb137e72f8e2d5
                                                                                                                                                          • Opcode Fuzzy Hash: 0c5a979ec33d9b92785b112b52c38ac79ee87f51aca7ee2985f31cdd2b4b6de2
                                                                                                                                                          • Instruction Fuzzy Hash: 0EE101B5601B008FD325CF28D992B97B7E1FF46704F04886DE5AACB792E735B8148B58
                                                                                                                                                          Function 00437FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: P
                                                                                                                                                          • API String ID: 0-3110715001
                                                                                                                                                          • Opcode ID: 2b092832ff6ad71f2be6e319ef6089b9e9857d606439a2824c27a50a7ca5ca60
                                                                                                                                                          • Instruction ID: eedc226e7074d8befe7b846c2b88a342196b404a0220eceaeb17dadeae103ac5
                                                                                                                                                          • Opcode Fuzzy Hash: 2b092832ff6ad71f2be6e319ef6089b9e9857d606439a2824c27a50a7ca5ca60
                                                                                                                                                          • Instruction Fuzzy Hash: 97D1E3729083654FC725CE18989071FF6E1EB89718F158A3DF8A5AB380DB79DC0687C6
                                                                                                                                                          Function 00436CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: "pC
                                                                                                                                                          • API String ID: 0-73540160
                                                                                                                                                          • Opcode ID: df887e25d1c7161207ef7a5471f9c2282a60fd6cad744e6837e766ef65c20ef3
                                                                                                                                                          • Instruction ID: 36398428c389418382579507bae6897d1fcd1726a0be122626c5e753659fff74
                                                                                                                                                          • Opcode Fuzzy Hash: df887e25d1c7161207ef7a5471f9c2282a60fd6cad744e6837e766ef65c20ef3
                                                                                                                                                          • Instruction Fuzzy Hash: 0BD1E23A618355CFCB14CF38E8C052ABBE2AB8A315F098A7DE595C7391D334DA44CB95
                                                                                                                                                          Function 0041CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 2994545307-3233224373
                                                                                                                                                          • Opcode ID: 06061a369b4b2266e10f9437fd6985647535192bcd697ebd71b91ceb4358e052
                                                                                                                                                          • Instruction ID: 9253611504a73d149647665b6450840edd9578c1e3e3064002f15d1fb305b471
                                                                                                                                                          • Opcode Fuzzy Hash: 06061a369b4b2266e10f9437fd6985647535192bcd697ebd71b91ceb4358e052
                                                                                                                                                          • Instruction Fuzzy Hash: AFB10270A483059BD714DF14D880B6BFBE2EF86344F14492EE5C58B351E339E895CB9A
                                                                                                                                                          Function 003FA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,
                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                          • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                          • Instruction ID: ae2697d80ce8c25453ea3c89d37807840d42bb42ef265abd40b9f7ff1ee0d3cf
                                                                                                                                                          • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                          • Instruction Fuzzy Hash: 73B138702087859FC321CF58C88062BFBE1AFA9704F448A2DF5D997742D271EA08CB67
                                                                                                                                                          Function 0042FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 20bc2bdf7da148f579e7e1e7840529070171806e989b1e37a9a15b5e7b7fc590
                                                                                                                                                          • Instruction ID: 7a78a29ccfc40f5fb6cd541c2a845cc87d12a4432ee66c1d0c60d386e6af6300
                                                                                                                                                          • Opcode Fuzzy Hash: 20bc2bdf7da148f579e7e1e7840529070171806e989b1e37a9a15b5e7b7fc590
                                                                                                                                                          • Instruction Fuzzy Hash: EC81DD74218300EBE710DF55E980A2BB7F5FB9A705F84883EF58587252D738D819CB6A
                                                                                                                                                          Function 0040D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 1467497cb771c9822b89dff63d1dd536283168b44c6bb3a92b0ec04264d90c8b
                                                                                                                                                          • Instruction ID: 0330fe7c328c233aa8ce2c68847f1fa8810754bbadc90f0599806b30b2d1fefb
                                                                                                                                                          • Opcode Fuzzy Hash: 1467497cb771c9822b89dff63d1dd536283168b44c6bb3a92b0ec04264d90c8b
                                                                                                                                                          • Instruction Fuzzy Hash: 9561CF75908204DBDB10AF58DC42A3BB3B0FF95354F08093AF9859B391E73AE915C79A
                                                                                                                                                          Function 00434A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: c413e94a671cf57da17c8a6955d2ca127c94fae552e7a7e55a8cec2db3263b16
                                                                                                                                                          • Instruction ID: 88a289e1782d8a296e2b0e4a34917dd8b314595f2a436196b8b061500909bff9
                                                                                                                                                          • Opcode Fuzzy Hash: c413e94a671cf57da17c8a6955d2ca127c94fae552e7a7e55a8cec2db3263b16
                                                                                                                                                          • Instruction Fuzzy Hash: C461ED756083419BD710DF15D880B6AFBE6EBC9324F19A92EE58487391C739FC01CB5A
                                                                                                                                                          Function 0047E967 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: VTr
                                                                                                                                                          • API String ID: 0-167250916
                                                                                                                                                          • Opcode ID: 1c2a56e8203a1862bf17ae90e9b80bbe02f8cce242191cbd7dd047705c2bf396
                                                                                                                                                          • Instruction ID: 70817e6698210483902eadd4e2c49a0a2746b619c0824e8060363ce26b1bc5dd
                                                                                                                                                          • Opcode Fuzzy Hash: 1c2a56e8203a1862bf17ae90e9b80bbe02f8cce242191cbd7dd047705c2bf396
                                                                                                                                                          • Instruction Fuzzy Hash: 44511BF3A186009FE3005E2DDC8576AB7EAEBD8320F1A863DEAC4C7744E53998054796
                                                                                                                                                          Function 004A1946 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Z~
                                                                                                                                                          • API String ID: 0-4046450449
                                                                                                                                                          • Opcode ID: bc3425ac7e59a7dd6ee043cc2ac097ffa47acb9a71cb0a50d9e3a367e7bdb18e
                                                                                                                                                          • Instruction ID: 8881e6b120f09e3154110a1fa5b7dcf456a8c0e8c756e02998611b68378fae18
                                                                                                                                                          • Opcode Fuzzy Hash: bc3425ac7e59a7dd6ee043cc2ac097ffa47acb9a71cb0a50d9e3a367e7bdb18e
                                                                                                                                                          • Instruction Fuzzy Hash: 065149F3E092101BE304992EDCC576BB6DADBD4720F2B453DCA89D3780E5796D068286
                                                                                                                                                          Function 003FE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 003FE333
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                          • API String ID: 0-2471034898
                                                                                                                                                          • Opcode ID: afb8eafc6fd5f6d1485013ebc6da13ea469158f67d4331abc7304a3c41f13865
                                                                                                                                                          • Instruction ID: 5bd3f148d75808b6efe0f631860609a4bac65909b961f9e54218ce4f9145e1ed
                                                                                                                                                          • Opcode Fuzzy Hash: afb8eafc6fd5f6d1485013ebc6da13ea469158f67d4331abc7304a3c41f13865
                                                                                                                                                          • Instruction Fuzzy Hash: 68514937A196954BD32A993C5C553B97A8B0BD2334B3EC77AEAF1CB3F1E55548008340
                                                                                                                                                          Function 00433920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: f9f0e6fe34fd2473635bd52dd6dce06d09eb1a7713aa7a41002910e008c5d166
                                                                                                                                                          • Instruction ID: 798f6e0ee4a0610970ebe3711439ccc7c4dbfe846c77fd6afae9cde5f7058a18
                                                                                                                                                          • Opcode Fuzzy Hash: f9f0e6fe34fd2473635bd52dd6dce06d09eb1a7713aa7a41002910e008c5d166
                                                                                                                                                          • Instruction Fuzzy Hash: 6151B074608200DBCB24EF19D880A2BFBE5EF89706F14982EE4C587351C379DD10CB6A
                                                                                                                                                          Function 00401BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: L3
                                                                                                                                                          • API String ID: 0-2730849248
                                                                                                                                                          • Opcode ID: c2920da8e33e094c842bfad529edeb3744d4546ff7e00f4384337b6d63c798ea
                                                                                                                                                          • Instruction ID: 14bbebb9a4a5eb18ace84b560c9b72f5621c0032d8783982097d9fcfed5fce7e
                                                                                                                                                          • Opcode Fuzzy Hash: c2920da8e33e094c842bfad529edeb3744d4546ff7e00f4384337b6d63c798ea
                                                                                                                                                          • Instruction Fuzzy Hash: E24154B440C3809BD7149F14C894A2FBBF0BF86714F04992DF9C5AB2A1D73AC915CB5A
                                                                                                                                                          Function 0042FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 06c9a006e6f5ad19479cbec5bf313881d71fef0010d3bea36a03353b5dd185ea
                                                                                                                                                          • Instruction ID: 4ff1384088fd34b64fdb1e92803ec360ae51d4a4aae1cc2c75a4d546575eb321
                                                                                                                                                          • Opcode Fuzzy Hash: 06c9a006e6f5ad19479cbec5bf313881d71fef0010d3bea36a03353b5dd185ea
                                                                                                                                                          • Instruction Fuzzy Hash: 54314AB0608305ABD614EB14ED91B2BB7F8EB89748F50192AF984D7252E239DC14C767
                                                                                                                                                          Function 0041E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 72?1
                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                          • Opcode ID: e95d014c31abbc6777ad6847c9650b9fe3396af970387fdd2a73ca1fa9e74622
                                                                                                                                                          • Instruction ID: c94105c37cc773714dff9d3c831e697901a77405acf8f519e64dfbfe0b920d24
                                                                                                                                                          • Opcode Fuzzy Hash: e95d014c31abbc6777ad6847c9650b9fe3396af970387fdd2a73ca1fa9e74622
                                                                                                                                                          • Instruction Fuzzy Hash: F83109B9900205CFDB21DF95E9805BFF7B4FB0A305F54082DD946AB351C335A941CBA6
                                                                                                                                                          Function 00406F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: ce7c16d80494eb3a4c93f2c1edb1bfec301afdcf5cbc2b097c6ff1bc48e625ec
                                                                                                                                                          • Instruction ID: 6bde27606608fb97a1644ba100173baedbd77c6a398b177fdfcfab2052ba49f1
                                                                                                                                                          • Opcode Fuzzy Hash: ce7c16d80494eb3a4c93f2c1edb1bfec301afdcf5cbc2b097c6ff1bc48e625ec
                                                                                                                                                          • Instruction Fuzzy Hash: 3E417B75604B00DBD7348F21D994B27B7F2FB09305F14892DE586A7BA1E335F8008B19
                                                                                                                                                          Function 0041E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 72?1
                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                          • Opcode ID: fdb064b131266befd4629fe860380f6547d9aae142426f49a08483221b368153
                                                                                                                                                          • Instruction ID: 9c59921d72b28bb783a0b0ff5db4dfef55627c61f91db37d38c2678b03608e1a
                                                                                                                                                          • Opcode Fuzzy Hash: fdb064b131266befd4629fe860380f6547d9aae142426f49a08483221b368153
                                                                                                                                                          • Instruction Fuzzy Hash: 5A2105B9900204CFD721DF96D9805BFFBB5BB0A304F54082DD846AB351C335AD81CBAA
                                                                                                                                                          Function 00439CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                          • Opcode ID: 515c97d9874ef6b8530b7206e08ea160a227ce2e5ba962b9bf79015eaaf1a4bf
                                                                                                                                                          • Instruction ID: 5406c698e8f7f2610e387a78ed2a6d5e540cd71e6f7c29c5fd72c5834b65de81
                                                                                                                                                          • Opcode Fuzzy Hash: 515c97d9874ef6b8530b7206e08ea160a227ce2e5ba962b9bf79015eaaf1a4bf
                                                                                                                                                          • Instruction Fuzzy Hash: EB3176749083009BD710EF15E880A2BFBF9EF9A314F14A92DE5C897351D379D904CBAA
                                                                                                                                                          Function 00404E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a20b77aa7261e4fab53ca51946d883540a5e1ea26361c421fbb7603e65e629a5
                                                                                                                                                          • Instruction ID: 9b73f179b9fa6f30b25988cd1ba2fba2cdec5ec69e7441e44cd0bb7583616edf
                                                                                                                                                          • Opcode Fuzzy Hash: a20b77aa7261e4fab53ca51946d883540a5e1ea26361c421fbb7603e65e629a5
                                                                                                                                                          • Instruction Fuzzy Hash: E9624AB0900B008FD725CF24D984B27B7F5EF46704F54892DD49A9BA92E779F808CB99
                                                                                                                                                          Function 003FBEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                          • Instruction ID: 41ac59a9f2b5ec78211a801052df551f1a434151acd1cfa3ee430b002abc4c22
                                                                                                                                                          • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                          • Instruction Fuzzy Hash: 00524931A6871D8BC7269F18D5402BBF3E1FFC4319F295A2DCAC697290D734A851CB86
                                                                                                                                                          Function 00438652 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9f74dfad7f83c5ddcaca1dd9a3178f59c001cf6bbe608c9dcdf37014a082be4f
                                                                                                                                                          • Instruction ID: 36a92bd5a27041b860a683baa265caf1984516f1241a88e85d39b7bb909396f1
                                                                                                                                                          • Opcode Fuzzy Hash: 9f74dfad7f83c5ddcaca1dd9a3178f59c001cf6bbe608c9dcdf37014a082be4f
                                                                                                                                                          • Instruction Fuzzy Hash: 3922B939608341CFD704DF68E89062ABBE1FB8A315F09897EE58987351D735E950CB4A
                                                                                                                                                          Function 004386F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d31f9ad3f1aa77186099dc5d5ffd69c39f2cd5625821066991fc7bcdf1151661
                                                                                                                                                          • Instruction ID: e87c4c3008d34500b73994dc4150ae2ffb17430a84adf212400c95430fd9970f
                                                                                                                                                          • Opcode Fuzzy Hash: d31f9ad3f1aa77186099dc5d5ffd69c39f2cd5625821066991fc7bcdf1151661
                                                                                                                                                          • Instruction Fuzzy Hash: 22229839608340DFD704DF68E89061ABBE1FB8A315F09897EE5C987361C739E850CB4A
                                                                                                                                                          Function 003FB3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 76441679df8769ace577cd11d60b3c95b6dd7faa3e4f1d6e00f94cbfe303b305
                                                                                                                                                          • Instruction ID: d9a3cf375134d96121ae8d0fef6dea338129bdb986be03359119f6e8c13aeb6c
                                                                                                                                                          • Opcode Fuzzy Hash: 76441679df8769ace577cd11d60b3c95b6dd7faa3e4f1d6e00f94cbfe303b305
                                                                                                                                                          • Instruction Fuzzy Hash: BF5292F0908B8C8FE7368B24C4847B7FBE2AF91314F15482DD6D606B86C779A889C751
                                                                                                                                                          Function 003F71F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8aadf3ebc484b15f4fda45eba203da8d733c40bce0dc92360b151abd62363c04
                                                                                                                                                          • Instruction ID: dc9d5de4e2b4506fdf6cd08b1974d6fb5fc62714aa0d3d320f01ba43476d4890
                                                                                                                                                          • Opcode Fuzzy Hash: 8aadf3ebc484b15f4fda45eba203da8d733c40bce0dc92360b151abd62363c04
                                                                                                                                                          • Instruction Fuzzy Hash: 7E52D23150C3498FCB16CF28C0906BABBE2FF89314F198A6DE9995B351D774E949CB81
                                                                                                                                                          Function 003F8FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 48171075f2ba0be7911f7420347ca59a16aac0c62ed4e0ef3295641898871e75
                                                                                                                                                          • Instruction ID: 4e1bade4cfd21996d48b88ffb5ea51166713dd7f818f9184c17685a2be70654b
                                                                                                                                                          • Opcode Fuzzy Hash: 48171075f2ba0be7911f7420347ca59a16aac0c62ed4e0ef3295641898871e75
                                                                                                                                                          • Instruction Fuzzy Hash: 34428675609305DFE708CF29D85076ABBE1BF88315F09886DE9898B3A1D335D985CF42
                                                                                                                                                          Function 003F7BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 72eea06afc0ac295485380d3fb5b94cc7904838bf922e3f2533cd4b8bd7b740f
                                                                                                                                                          • Instruction ID: 4aeb50e784719b82aeb92a4a6602522ae8a98ac9a96979d57be23a5907ca246a
                                                                                                                                                          • Opcode Fuzzy Hash: 72eea06afc0ac295485380d3fb5b94cc7904838bf922e3f2533cd4b8bd7b740f
                                                                                                                                                          • Instruction Fuzzy Hash: 3D321170518B198FC36ACF29C59056ABBF1BF45710BA04A2ED6A787F90DB36F845CB10
                                                                                                                                                          Function 004389A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 96714822afa4a109308dd92bf75d1472d126416b21c6a74a849027ae6d2cf8a7
                                                                                                                                                          • Instruction ID: a2bf3d1a7f47552b849fe4237f1ca8268388a59bcd4b7e93a6afb8ed6de8312b
                                                                                                                                                          • Opcode Fuzzy Hash: 96714822afa4a109308dd92bf75d1472d126416b21c6a74a849027ae6d2cf8a7
                                                                                                                                                          • Instruction Fuzzy Hash: D5029739608341DFC704DF68E88061AFBE1FB8A305F09896EE5C587361C37AD910CB9A
                                                                                                                                                          Function 00438A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d0a2e41385dabf36c76889df2d20280ab5d054a2b190d9af63c97fdc6874894c
                                                                                                                                                          • Instruction ID: ce84fd623ea6c6db2ad869b1aa74244be1f5610503f9238a729bbb3f230374f3
                                                                                                                                                          • Opcode Fuzzy Hash: d0a2e41385dabf36c76889df2d20280ab5d054a2b190d9af63c97fdc6874894c
                                                                                                                                                          • Instruction Fuzzy Hash: A0F17835608341DFD704EF68E88061EFBE1BB8A705F09896EE4C987351D77AD910CB9A
                                                                                                                                                          Function 00438C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1e80c0c7e2822d42c2f15ffb4615d89c52aaedae2d7cde17a34e3b894d1fe2b0
                                                                                                                                                          • Instruction ID: 2243915c1a6c0f182d0884cf39d740a670f6c5aebbb29c68c23b433e1bda4d64
                                                                                                                                                          • Opcode Fuzzy Hash: 1e80c0c7e2822d42c2f15ffb4615d89c52aaedae2d7cde17a34e3b894d1fe2b0
                                                                                                                                                          • Instruction Fuzzy Hash: B8E19B35608341CFC704DF28E88062AFBE2BB8A315F09896DE5D987351D77AE910CB96
                                                                                                                                                          Function 003FA300 Relevance: .5, Instructions: 459COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                          • Instruction ID: 9403b49ad7aa75a540ff1644ccabd93d0fd93b1525351f482c377db9bb5bcf25
                                                                                                                                                          • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                          • Instruction Fuzzy Hash: 13F1DF752087458FC725CF29C880A6BFBE6AFD8300F08882DE5C987751E779E849CB52
                                                                                                                                                          Function 00438E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3b6829a1ca4f107b484cfe38d37ba4f6daf47c4efe78620b3605eaf9c75fe668
                                                                                                                                                          • Instruction ID: 8b07bbccee6918a49f6ef43e41149d57f5556f0ed163c816e40de6065c612952
                                                                                                                                                          • Opcode Fuzzy Hash: 3b6829a1ca4f107b484cfe38d37ba4f6daf47c4efe78620b3605eaf9c75fe668
                                                                                                                                                          • Instruction Fuzzy Hash: 64D1783460C280DFD705EF28E99062AFBF5EB8A705F09896DE4C587351D77AD810CB9A
                                                                                                                                                          Function 00437AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e832d8e38ce7bd73d8d3c34c760bf66f0977e04c0d0318332dd2d5162d98fcdb
                                                                                                                                                          • Instruction ID: 9220354cc27e01ddbe84f9dd6c2fd04b70277ccb558e87a887a4d0122dd5e100
                                                                                                                                                          • Opcode Fuzzy Hash: e832d8e38ce7bd73d8d3c34c760bf66f0977e04c0d0318332dd2d5162d98fcdb
                                                                                                                                                          • Instruction Fuzzy Hash: 5CB117B2A0C3505BE724DF28CC4176BB7E5ABC9314F04592EE9D997382E739EC048796
                                                                                                                                                          Function 005AF9CC Relevance: .3, Instructions: 337COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 91af0a496e5240b063ae3d2a04b2dca1dee9de50a087c73e9483822be2933d5a
                                                                                                                                                          • Instruction ID: 558a02cf43f149a7b1a1e579c9df5dc9896ed4fd9976e4035ea1d67a53187bf8
                                                                                                                                                          • Opcode Fuzzy Hash: 91af0a496e5240b063ae3d2a04b2dca1dee9de50a087c73e9483822be2933d5a
                                                                                                                                                          • Instruction Fuzzy Hash: FDB115B390C2049FE3047E2DDC4167AFBE9EF54720F5A4A3DE9D8D3740EA3159048696
                                                                                                                                                          Function 003FAF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                          • Instruction ID: 8bf69ab607660441dde5ab47c2a0b75ae9272c9577467647b931a9e4bdd78d39
                                                                                                                                                          • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                          • Instruction Fuzzy Hash: A7C18EB2A587458FC361CF28CC967ABB7E1BF85318F08492DD2D9C6242E778A155CB06
                                                                                                                                                          Function 00406536 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7c02675399a0bdf37bdc61445efe2e7e1f9e00315aa723a0245ab31730003b1c
                                                                                                                                                          • Instruction ID: b96fff7d5f7d7a3acce22531c9ee0269d3bb0e3de6a818f6781017674dff4dd1
                                                                                                                                                          • Opcode Fuzzy Hash: 7c02675399a0bdf37bdc61445efe2e7e1f9e00315aa723a0245ab31730003b1c
                                                                                                                                                          • Instruction Fuzzy Hash: 4DB10374500B409FD3218F24DA81B27BBF1AF46704F14886DE8AB9BB92E339F815CB55
                                                                                                                                                          Function 00437710 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: aa794094e2d7931e889bb668f0dcfba7f774891bc95ed7ab47291d8af308125a
                                                                                                                                                          • Instruction ID: 44b7d84cea08e7986475a3d47f3cfad5f23cc0889081abdfe191033d8084af58
                                                                                                                                                          • Opcode Fuzzy Hash: aa794094e2d7931e889bb668f0dcfba7f774891bc95ed7ab47291d8af308125a
                                                                                                                                                          • Instruction Fuzzy Hash: 4E91B0B560C301ABE720DB15C880B6BBBE5EB89354F54582EF5C487352E738E940CB9A
                                                                                                                                                          Function 0043A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 78da0c8131413ef4c4cbc19ba304276b321bf318c2440ee5cc3d4a1957b04953
                                                                                                                                                          • Instruction ID: 7e4c384aa6ea870db4d5759355310287454a0c5e1b1af17e12eb24b1172a9d36
                                                                                                                                                          • Opcode Fuzzy Hash: 78da0c8131413ef4c4cbc19ba304276b321bf318c2440ee5cc3d4a1957b04953
                                                                                                                                                          • Instruction Fuzzy Hash: B9819D342487018BDB24DF28D880A2FB7E5EF49744F55996DE8C587351E739E820CB9A
                                                                                                                                                          Function 004264F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2dca97a823459e929472c2a021c8a6d04280531cb803b1ef95341649bac63e75
                                                                                                                                                          • Instruction ID: a4f95ead0630ed271b2bf3cdd7048bc745f4c1fc4b9da0b5bf909dba3294f030
                                                                                                                                                          • Opcode Fuzzy Hash: 2dca97a823459e929472c2a021c8a6d04280531cb803b1ef95341649bac63e75
                                                                                                                                                          • Instruction Fuzzy Hash: 8D71F737B29AA04BD3149D7C6C82396AA434BD6334F3EC37AA9B4DB3E5D62D4C064345
                                                                                                                                                          Function 004128E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e275d96278b815e491581dedd06a51bd55da43fc4d90e3e9b3bcebd76db4dc26
                                                                                                                                                          • Instruction ID: afc652344d78be361b2513251c268c363eb9ea0a2b6cc6038bd5ee99aad7db29
                                                                                                                                                          • Opcode Fuzzy Hash: e275d96278b815e491581dedd06a51bd55da43fc4d90e3e9b3bcebd76db4dc26
                                                                                                                                                          • Instruction Fuzzy Hash: A06197B44183508BD311AF18D941A6BBBF0FFA2754F08491EE9C58B361E379D960CB6B
                                                                                                                                                          Function 00417C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3948e84bbe457dcdb03971ad5215fb5ba31e8cb544b634e27b39ffb2d8337786
                                                                                                                                                          • Instruction ID: 6dce8dec64ddbb1208b781dee8f53f586955222c1858caf625471c34a61813db
                                                                                                                                                          • Opcode Fuzzy Hash: 3948e84bbe457dcdb03971ad5215fb5ba31e8cb544b634e27b39ffb2d8337786
                                                                                                                                                          • Instruction Fuzzy Hash: 4651BFB16483089BDB209B24DC82BB773B4EF85354F144959F985CB391F379E881C76A
                                                                                                                                                          Function 00421860 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                          • Instruction ID: 599c68c7b044b9b00e27a45f40539177584172dfad25ccc77097000dabb9c2f7
                                                                                                                                                          • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                          • Instruction Fuzzy Hash: 6961D2317093619BD714CE28E58071FBBE2ABE5350FA4C92FE4898B371D278DD81974A
                                                                                                                                                          Function 004282D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1e2586417202196c88ba24da1a53fa455adc6f14e5de85a3b2db8c1969f331c8
                                                                                                                                                          • Instruction ID: f23fb21ec69075795930d18d3a487963f06a1b5da7f9fddcad84f883b72847ca
                                                                                                                                                          • Opcode Fuzzy Hash: 1e2586417202196c88ba24da1a53fa455adc6f14e5de85a3b2db8c1969f331c8
                                                                                                                                                          • Instruction Fuzzy Hash: B4610423B1B9B14BD314953C6C453AAAA831BD2330F7DC36F98B18B3E5DD6E4802434A
                                                                                                                                                          Function 004042FC Relevance: .2, Instructions: 206COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c20ab42707e2535d0f80e2693ef39e3dfa56ddff704f085fbad4eea33dcba6a4
                                                                                                                                                          • Instruction ID: ad6663307b7a5f94421c00495027f8b88cd37cf3d800212502e016e9e6438e88
                                                                                                                                                          • Opcode Fuzzy Hash: c20ab42707e2535d0f80e2693ef39e3dfa56ddff704f085fbad4eea33dcba6a4
                                                                                                                                                          • Instruction Fuzzy Hash: CE81DFB4810B00AFD360EF39D947757BEF4AB06201F404A2EE5EA96695E7306419CBE7
                                                                                                                                                          Function 00544F62 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 18b2e998f049014fb7acbe70587349190edff6141a166e9fa057992bc3a60d2c
                                                                                                                                                          • Instruction ID: 9bc84fb60afefe83ced43a9cbd9465144ceb9a8039e33c0092d8a5581740f635
                                                                                                                                                          • Opcode Fuzzy Hash: 18b2e998f049014fb7acbe70587349190edff6141a166e9fa057992bc3a60d2c
                                                                                                                                                          • Instruction Fuzzy Hash: 135104F3A196209BE318AE1CDC957AAB7D6EF94320F1B463DD6D587380EA34580087D6
                                                                                                                                                          Function 0042E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                          • Instruction ID: 2d9a449448e7ffa83a71982e240f838d370795fab8080bf17f95e0d6a3b449a6
                                                                                                                                                          • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                          • Instruction Fuzzy Hash: 34515DB16087548FE314DF69D49435BBBE1BBC9318F444E2EE4E987350E379DA088B86
                                                                                                                                                          Function 00437520 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ad6b12f03e2bd8a10c6779ba4fb73cbd1bcc507ab7688f218e5cbfc246466144
                                                                                                                                                          • Instruction ID: b0bd43cdc63e1924a3595bf37c6bc1007eeb6d991a51e16f947cc2ad456318fb
                                                                                                                                                          • Opcode Fuzzy Hash: ad6b12f03e2bd8a10c6779ba4fb73cbd1bcc507ab7688f218e5cbfc246466144
                                                                                                                                                          • Instruction Fuzzy Hash: AA51147160C200ABC7249F18DC91B2FB7E2EB89324F289A2DF8D557391D739AC008799
                                                                                                                                                          Function 003F5A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7e40f7a6ab40d5766db50ea8dbafc8b550f9c627f373eec9d5313b8acf640fb3
                                                                                                                                                          • Instruction ID: 324d0e6c4bae24cdaaec079601a9424683f0c3484ca40c77bea9d0e8b2d32643
                                                                                                                                                          • Opcode Fuzzy Hash: 7e40f7a6ab40d5766db50ea8dbafc8b550f9c627f373eec9d5313b8acf640fb3
                                                                                                                                                          • Instruction Fuzzy Hash: 3D51F575A047099FC716DF18C880936BBA1FF85324F16466CFA968B352D730EC52CB92
                                                                                                                                                          Function 0041EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 39df3d8890e19de883a07c542898d8071b87abafe8701ec5b48854806ebb40c8
                                                                                                                                                          • Instruction ID: d464044d83e496214edafbd76b7d0a43c628717b17853f1b0ce5c0d09965710b
                                                                                                                                                          • Opcode Fuzzy Hash: 39df3d8890e19de883a07c542898d8071b87abafe8701ec5b48854806ebb40c8
                                                                                                                                                          • Instruction Fuzzy Hash: E541A378900316DBDF208F55DC91BAEB7B0FF0A340F144559E945AB3A0EB389991CB95
                                                                                                                                                          Function 00439B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1d61fd0b7b7026c8f2529d12aec2bd62fa5d2e366bfa266dfc773a8974704935
                                                                                                                                                          • Instruction ID: 6e34218c3b82ff37b7d149988ceae2fae29b7abfb77bebb6a6960e30dea9c50f
                                                                                                                                                          • Opcode Fuzzy Hash: 1d61fd0b7b7026c8f2529d12aec2bd62fa5d2e366bfa266dfc773a8974704935
                                                                                                                                                          • Instruction Fuzzy Hash: 4A41A134208300ABDB14DF15D990B2BF7E6EB8A714F14A82DF58997351D379EC01CB6A
                                                                                                                                                          Function 00402030 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 65cec541f5ae3ff2a30ff55c2508d667b4168975dfc42fa3ee77eebcbc4a3f70
                                                                                                                                                          • Instruction ID: 3186c53223e5abdd066094b17bb7add8bbc9c971acef74147e68d14e782fed1c
                                                                                                                                                          • Opcode Fuzzy Hash: 65cec541f5ae3ff2a30ff55c2508d667b4168975dfc42fa3ee77eebcbc4a3f70
                                                                                                                                                          • Instruction Fuzzy Hash: 0641F732A083654FD35DCE29849423ABBE2ABC5300F09867EE5D69B3D0DAB88945D785
                                                                                                                                                          Function 00401E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fb56541f06fbb672d6a023ffe1c22e4a27750004c42f999f0c8e79c895fa370c
                                                                                                                                                          • Instruction ID: e31e46e048ffc5847cb2a7492c782c9f52fb3025985e42a828c82be7bd934b59
                                                                                                                                                          • Opcode Fuzzy Hash: fb56541f06fbb672d6a023ffe1c22e4a27750004c42f999f0c8e79c895fa370c
                                                                                                                                                          • Instruction Fuzzy Hash: 9541E27450C3809BD320AB55C888B1EFBF5FB87745F14492DF6C4A7292C37AE8148B6A
                                                                                                                                                          Function 00438D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ae40f44e3277c81667fab797458cad4f7c710ed051bdfcce94bb786c69761282
                                                                                                                                                          • Instruction ID: 19bdb724bd26f436fcfbb4b92982e4e834228c3689ce6163084bfaf4d7828818
                                                                                                                                                          • Opcode Fuzzy Hash: ae40f44e3277c81667fab797458cad4f7c710ed051bdfcce94bb786c69761282
                                                                                                                                                          • Instruction Fuzzy Hash: FB41B13160C3548BC304DF68C49052EFBE6AF9A300F199A1EE4D5973A1CB78DD058B86
                                                                                                                                                          Function 005B2729 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f191c3ccf46696a20491911a569228cff348e21de806a8324ccdee81aa5d2d49
                                                                                                                                                          • Instruction ID: 9857cc8f41b206a0af06a581680f7df2cf294e403a9741dec4fa675aa037216a
                                                                                                                                                          • Opcode Fuzzy Hash: f191c3ccf46696a20491911a569228cff348e21de806a8324ccdee81aa5d2d49
                                                                                                                                                          • Instruction Fuzzy Hash: C13146F354C30C5BE204AE3AEC86027F7D9FB98210F55863EE68283744FD35691A8547
                                                                                                                                                          Function 0040D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8075ab27e811564003875bc05e9bbc4f4a4c118012bb26926fb8744224fe4c2f
                                                                                                                                                          • Instruction ID: fb7910c014bc59cdd463c47ed25b6fcbea3ecbb99444128d299d2f5667ff33fe
                                                                                                                                                          • Opcode Fuzzy Hash: 8075ab27e811564003875bc05e9bbc4f4a4c118012bb26926fb8744224fe4c2f
                                                                                                                                                          • Instruction Fuzzy Hash: EF41D0B5A48385CBD7309F50C841BABB3B0FF96364F04092DE58A9BB91D3788840CB5B
                                                                                                                                                          Function 0042F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                          • Instruction ID: b77ab200ae1a660e399ca684a83753889cd79b32b735b6ef24385fcc17c74ba1
                                                                                                                                                          • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                          • Instruction Fuzzy Hash: 4F212832A0812447C3249B59D48193BF7F4EB9AB04F86863ED9C497295E3399C2487D5
                                                                                                                                                          Function 004367EF Relevance: .1, Instructions: 101COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ab16febc3c173033c959a9b1ac71e3a568cfb146a6bf587219e06d6263900adb
                                                                                                                                                          • Instruction ID: dadf0a3b60d66648a48149778862090af8356e9eed2a3b0076369b4620d722d7
                                                                                                                                                          • Opcode Fuzzy Hash: ab16febc3c173033c959a9b1ac71e3a568cfb146a6bf587219e06d6263900adb
                                                                                                                                                          • Instruction Fuzzy Hash: B9313770518382AAD714DF14C49062FBFF0EF9A784F50A80DF4C8AB261D338D985CB9A
                                                                                                                                                          Function 00415E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7f79755841c543728e551a3b966a970272c9d974a6e1133ae5851e914d3e7c1b
                                                                                                                                                          • Instruction ID: 2c3afd96f8cf92aea23f4d8ae9785040d89bde13552b74bcef44759a9263658a
                                                                                                                                                          • Opcode Fuzzy Hash: 7f79755841c543728e551a3b966a970272c9d974a6e1133ae5851e914d3e7c1b
                                                                                                                                                          • Instruction Fuzzy Hash: B221AD70508300CBD310AF18C8419ABBBF4EF96764F44890DE4D98B391E338C940CBAA
                                                                                                                                                          Function 003F49A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                          • Instruction ID: 470225a263498d6bd097609294818b25f391107b394bd290e761d2427a9ce928
                                                                                                                                                          • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                          • Instruction Fuzzy Hash: 1E31E5317583089BDB129E1CD880A3BB7E1EFC4358F19892CEA9A8B251D331DD52CB46
                                                                                                                                                          Function 004364B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6b87cdb1b565fd80455b1a7db25c148ccb8027a3fe2262d6bff931442a21a1bb
                                                                                                                                                          • Instruction ID: d8faaeee522b284477de5ab2f9e3fb2691e7d5041c3eb918815cc12234ec1563
                                                                                                                                                          • Opcode Fuzzy Hash: 6b87cdb1b565fd80455b1a7db25c148ccb8027a3fe2262d6bff931442a21a1bb
                                                                                                                                                          • Instruction Fuzzy Hash: E0217C7450C201ABC704EF19D58092EFBE5FB9A745F29982DE4C493361C338A851CB6A
                                                                                                                                                          Function 0042B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                          • Instruction ID: ef28cddda7051212ce0c5229f622dd6ca0f3d2b62f50406dce74d85500edac38
                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                          • Instruction Fuzzy Hash: 7E11E933B051E50EC3168D3C9440565BFA35AA3334B9D439AF4B49B2D2D7268D8A839A
                                                                                                                                                          Function 00420B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                          • Instruction ID: 0f7273ba7ab10c04949dba9e522e901ab400dc0e9bb2475273fddbddf4f55ff3
                                                                                                                                                          • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                          • Instruction Fuzzy Hash: 5F01B1F1B1031687EB309E91A5D0B3BB6E86F84718F88452EE9064B303DB79FC14C699
                                                                                                                                                          Function 0041D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 819f1c44d84a06ec0711e4790486a287a90b1102db324f05292418d4d3863c7d
                                                                                                                                                          • Instruction ID: e79e8991e9358c617ab03a7ecfcda485c1b7c82b5a46364bf00aadc5c5b3d593
                                                                                                                                                          • Opcode Fuzzy Hash: 819f1c44d84a06ec0711e4790486a287a90b1102db324f05292418d4d3863c7d
                                                                                                                                                          • Instruction Fuzzy Hash: 2811EFB0408380AFD3109F618584A1FFBF5EB96714F148C5DF5A45B251C379E855CF5A
                                                                                                                                                          Function 003F6EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f15b8c4af869099bf23edda48f02a73455e7471c1f3ba6e882d4946b8c9c2169
                                                                                                                                                          • Instruction ID: c4683951ce7c09f6cf88f127de9a4854db340695e8d6b7d960882f64861c2a5c
                                                                                                                                                          • Opcode Fuzzy Hash: f15b8c4af869099bf23edda48f02a73455e7471c1f3ba6e882d4946b8c9c2169
                                                                                                                                                          • Instruction Fuzzy Hash: FDF0243A71870E0BA221CDABA88083BB396D7D9354B056539EB40C3211CD72E80281D4
                                                                                                                                                          Function 0042B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                          • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                                          • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                          • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                                          Function 0040C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                          • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                                          • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                          • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                                          Function 0040B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                          • Instruction ID: a440538df35b69aead1eeb0e6d9d1613c83728ee88e634ccc1de915cb71a5f4b
                                                                                                                                                          • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                          • Instruction Fuzzy Hash: CEF0ECB160461057DF229A559CC0F37BB9CCB87354F190437E84567283D2B55945C3ED
                                                                                                                                                          Function 00428220 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 61f115d8d4b76adbd5cab86ecc26a1223d74e0dafa821c280c9c65bb84b4e013
                                                                                                                                                          • Instruction ID: e172301c433a88db18c8290de8f3128dce14f55294929863c1201ae556ca6388
                                                                                                                                                          • Opcode Fuzzy Hash: 61f115d8d4b76adbd5cab86ecc26a1223d74e0dafa821c280c9c65bb84b4e013
                                                                                                                                                          • Instruction Fuzzy Hash: DF01E4B04107009FD360EF29C485747BBE8EB08714F009A1DE8AECB680D774A5448F82
                                                                                                                                                          Function 00431440 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                          • Instruction ID: 1cc25e720dba3a14085872da001693749e7e1abc6657c9584a8d72de95da0b73
                                                                                                                                                          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                          • Instruction Fuzzy Hash: E6D0A73160832146AF748E19A400977F7F0EACBB11F49A55FF586E3258D234DC41C6AD
                                                                                                                                                          Function 00401ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e07d61963564c50d4927207114a18186ef9174b467d84fa55f62207103cf317d
                                                                                                                                                          • Instruction ID: bc0288f9c25a568533c2e227104100cc0ca3df8ba38ea90832c807e411ec1b66
                                                                                                                                                          • Opcode Fuzzy Hash: e07d61963564c50d4927207114a18186ef9174b467d84fa55f62207103cf317d
                                                                                                                                                          • Instruction Fuzzy Hash: 07C01238A180008BC2048F40B895A36A2B8A36730C710B03ADA02F3262CA20C41A990E
                                                                                                                                                          Function 00436094 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b5365cc0ed12da503d46d526fdeaa85a04336f2f068e64d59cf56d6b6003899c
                                                                                                                                                          • Instruction ID: ed7d29dd0b05af52cb4e535f93b7180e8b144635b0e214e1de01ca7d425b1543
                                                                                                                                                          • Opcode Fuzzy Hash: b5365cc0ed12da503d46d526fdeaa85a04336f2f068e64d59cf56d6b6003899c
                                                                                                                                                          • Instruction Fuzzy Hash: 64C09B3C65C04087910CCF04D952575F3B6DBABF19B34B12EC90623297C134E513951D
                                                                                                                                                          Function 00401A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 203673f8c4c0e45aea5c4437269f593c913ab6a7b4f989b5e55293bfb421e8cd
                                                                                                                                                          • Instruction ID: 9a8648ba7b3c90603588925dfcca16f9f64eefda3335152b825273d205e4462f
                                                                                                                                                          • Opcode Fuzzy Hash: 203673f8c4c0e45aea5c4437269f593c913ab6a7b4f989b5e55293bfb421e8cd
                                                                                                                                                          • Instruction Fuzzy Hash: D5C04C24F590408AC2448E85A891532A2A8532620C710703B9602F7261C560D419990D
                                                                                                                                                          Function 00435FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2217261926.00000000003F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.0000000000450000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217365559.00000000006FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217686120.00000000006FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217843114.000000000089A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2217864930.000000000089B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_3f0000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 46c742dafc77a5a2960d5682825940e82b7c5b597d0754390a3cfd48b23528ed
                                                                                                                                                          • Instruction ID: 48f133cb6906bd7c052751911c320068bb1fa2712ab26ae442ed365dd9b38339
                                                                                                                                                          • Opcode Fuzzy Hash: 46c742dafc77a5a2960d5682825940e82b7c5b597d0754390a3cfd48b23528ed
                                                                                                                                                          • Instruction Fuzzy Hash: 0BC09B2876804047924CCF14DD52635F2B6DB97D19714B13DC90563257D134E511850C