Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1528485
MD5:4b701c6c6316241b700854f6ee0f1ef3
SHA1:3570b6e5a2595e4ce6f4763652501d33c42a8299
SHA256:4c6375bc022f9d994a0038a84f148d1cba6979e4ebb4aa6ecf6b8a074c507f9a
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6040 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4B701C6C6316241B700854F6EE0F1EF3)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "bathdoomgaz.stor", "licendfilteo.site", "dissapoiznw.stor", "clearancek.site", "studennotediw.stor"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:20.523260+020020546531A Network Trojan was detected192.168.2.949706172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:20.523260+020020498361A Network Trojan was detected192.168.2.949706172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.960085+020020564771Domain Observed Used for C2 Detected192.168.2.9616181.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.897273+020020564711Domain Observed Used for C2 Detected192.168.2.9565551.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.935421+020020564811Domain Observed Used for C2 Detected192.168.2.9652441.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.923430+020020564831Domain Observed Used for C2 Detected192.168.2.9496611.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:18.006592+020020564731Domain Observed Used for C2 Detected192.168.2.9551521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.909372+020020564851Domain Observed Used for C2 Detected192.168.2.9558481.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.991565+020020564751Domain Observed Used for C2 Detected192.168.2.9564121.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T00:13:17.948701+020020564791Domain Observed Used for C2 Detected192.168.2.9513721.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.6040.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "bathdoomgaz.stor", "licendfilteo.site", "dissapoiznw.stor", "clearancek.site", "studennotediw.stor"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49705 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49706 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0053D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0053D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_005763B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0057695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_005799D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0053FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00574040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00531000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0056F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00546F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00576094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0055D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00552260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00552260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_005442FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0053A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0054D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00571440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0055C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0054B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0055E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_005764B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00559510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00546536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00577520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00538590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0056B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0055E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00577710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00575700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_005767EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0055D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_005528E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0054D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00573920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_005349A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00535A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00574A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00541A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00541ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00579B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0054DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0054DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00543BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00541BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00560B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0055EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00557C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0056FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00579CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00579CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0055AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0055AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0055FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0055DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00578D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0055AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00555E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00557E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00544E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00540EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00541E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0053BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00546EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00536EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0056FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00559F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00575FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00538FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0054FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00577FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00577FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00546F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.9:56412 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.9:49661 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.9:51372 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.9:56555 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.9:65244 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.9:55848 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.9:61618 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.9:55152 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49706 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49706 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: / https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: / https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secu equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secu equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ne' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/pub
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/8
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiA
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/p
    Source: file.exe, 00000000.00000003.1518125314.0000000000B93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528482040.0000000000B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000002.1528482040.0000000000B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/r(I/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49705 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49706 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005402280_2_00540228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005740400_2_00574040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005310000_2_00531000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005420300_2_00542030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057A0D00_2_0057A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005351600_2_00535160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA1190_2_006FA119
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005371F00_2_005371F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053E1A00_2_0053E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066E20D0_2_0066E20D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005682D00_2_005682D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005612D00_2_005612D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005312F70_2_005312F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E229C0_2_006E229C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E52970_2_006E5297
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053A3000_2_0053A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005623E00_2_005623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005313A30_2_005313A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053B3A00_2_0053B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007044640_2_00704464
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055C4700_2_0055C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005664F00_2_005664F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054049B0_2_0054049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005444870_2_00544487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD5750_2_007DD575
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054C5F00_2_0054C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005385900_2_00538590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005335B00_2_005335B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007095940_2_00709594
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005786520_2_00578652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053164F0_2_0053164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056F6200_2_0056F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005786F00_2_005786F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FD7410_2_006FD741
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053A8500_2_0053A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005618600_2_00561860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056B8C00_2_0056B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A98920_2_007A9892
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056E8A00_2_0056E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EF9CC0_2_006EF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055098B0_2_0055098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005789A00_2_005789A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00574A400_2_00574A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00707A140_2_00707A14
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00578A800_2_00578A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00577AB00_2_00577AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0064FA980_2_0064FA98
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00673B620_2_00673B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00706B5D0_2_00706B5D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054DB6F0_2_0054DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061BB1B0_2_0061BB1B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00537BF00_2_00537BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00578C020_2_00578C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005C3CDD0_2_005C3CDD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055CCD00_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FBCBF0_2_006FBCBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576CBF0_2_00576CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00558D620_2_00558D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055FD100_2_0055FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055DD290_2_0055DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00700DEE0_2_00700DEE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0055AE570_2_0055AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00578E700_2_00578E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00544E2A0_2_00544E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053BEB00_2_0053BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00546EBF0_2_00546EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053AF100_2_0053AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00538FD00_2_00538FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00577FC00_2_00577FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0053CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0054D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995358910891089
    Source: file.exeStatic PE information: Section: lkgxlqgb ZLIB complexity 0.9949261662725053
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00568220 CoCreateInstance,0_2_00568220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 1847808 > 1048576
    Source: file.exeStatic PE information: Raw size of lkgxlqgb is bigger than: 0x100000 < 0x199a00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.530000.0.unpack :EW;.rsrc :W;.idata :W; :EW;lkgxlqgb:EW;oazzzkxz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;lkgxlqgb:EW;oazzzkxz:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d26d3 should be: 0x1c40f3
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: lkgxlqgb
    Source: file.exeStatic PE information: section name: oazzzkxz
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073007D push 5625EDEEh; mov dword ptr [esp], edi0_2_00730103
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B3057 push 2562DB96h; mov dword ptr [esp], ebx0_2_007B30E2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007E704D push 348EF671h; mov dword ptr [esp], edi0_2_007E7067
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007E2044 push edx; mov dword ptr [esp], ecx0_2_007E20A1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00825009 push 730BCD70h; mov dword ptr [esp], ebp0_2_0082506D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007CC0A8 push ebp; mov dword ptr [esp], eax0_2_007CC0B3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D161 push edi; mov dword ptr [esp], ecx0_2_0068D189
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D161 push ebp; mov dword ptr [esp], edx0_2_0068D1AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AA162 push 28537C69h; mov dword ptr [esp], edi0_2_007AA16A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B2153 push 463E61C5h; mov dword ptr [esp], edi0_2_007B2174
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B2153 push eax; mov dword ptr [esp], esi0_2_007B218A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C612D push ebx; mov dword ptr [esp], 7E93CA54h0_2_007C6168
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C612D push edx; mov dword ptr [esp], eax0_2_007C61C4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073112E push ebx; mov dword ptr [esp], edx0_2_00731173
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073112E push 0CF8BAD2h; mov dword ptr [esp], esi0_2_007311DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073112E push eax; mov dword ptr [esp], 3606A490h0_2_00731212
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073112E push eax; mov dword ptr [esp], 05798048h0_2_00731283
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 020EC592h; mov dword ptr [esp], esi0_2_006FA1D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push eax; mov dword ptr [esp], edx0_2_006FA1D4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 78D4A43Fh; mov dword ptr [esp], edi0_2_006FA2A5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 3029A238h; mov dword ptr [esp], ebx0_2_006FA2CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push ebp; mov dword ptr [esp], 48F87CA1h0_2_006FA36C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push ecx; mov dword ptr [esp], edx0_2_006FA437
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push esi; mov dword ptr [esp], edi0_2_006FA5D1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 4D696EA0h; mov dword ptr [esp], edi0_2_006FA640
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 4F4BEE7Eh; mov dword ptr [esp], eax0_2_006FA68C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push edx; mov dword ptr [esp], esi0_2_006FA706
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 795F3EE4h; mov dword ptr [esp], esp0_2_006FA728
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push ebp; mov dword ptr [esp], eax0_2_006FA752
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push 0B45EDABh; mov dword ptr [esp], esi0_2_006FA7D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FA119 push ecx; mov dword ptr [esp], 1FBA45EBh0_2_006FA7D9
    Source: file.exeStatic PE information: section name: entropy: 7.976365850464457
    Source: file.exeStatic PE information: section name: lkgxlqgb entropy: 7.953726865984964

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70EFDD second address: 70EFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007F55F92EB39Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70DFE0 second address: 70DFE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E451 second address: 70E45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jbe 00007F55F92EB396h 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E70E second address: 70E712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E712 second address: 70E730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB3A5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E730 second address: 70E73C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F55F8FF8496h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E73C second address: 70E74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Eh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E88B second address: 70E891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711952 second address: 711957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711957 second address: 71195D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71195D second address: 711961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711961 second address: 7119A4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F55F8FF84A0h 0x00000012 nop 0x00000013 push esi 0x00000014 jng 00007F55F8FF849Ch 0x0000001a pop esi 0x0000001b push 00000000h 0x0000001d adc esi, 563EF3F0h 0x00000023 push B3531AFBh 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b ja 00007F55F8FF8496h 0x00000031 pop ecx 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711B1B second address: 711B97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F55F92EB396h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e jmp 00007F55F92EB3A7h 0x00000013 pop esi 0x00000014 nop 0x00000015 call 00007F55F92EB3A6h 0x0000001a add dword ptr [ebp+122D1C41h], ebx 0x00000020 pop ecx 0x00000021 push 00000000h 0x00000023 mov si, di 0x00000026 call 00007F55F92EB399h 0x0000002b push ecx 0x0000002c jng 00007F55F92EB398h 0x00000032 pushad 0x00000033 popad 0x00000034 pop ecx 0x00000035 push eax 0x00000036 jmp 00007F55F92EB3A6h 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f push eax 0x00000040 push edx 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711B97 second address: 711B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711B9C second address: 711BB4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007F55F92EB396h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 je 00007F55F92EB396h 0x00000017 pop edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711BB4 second address: 711BBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711BBA second address: 711BD6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 jnp 00007F55F92EB398h 0x00000017 push esi 0x00000018 pop esi 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711CF2 second address: 711D15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 pushad 0x00000009 mov edi, dword ptr [ebp+122D29A4h] 0x0000000f or edx, dword ptr [ebp+122D1A87h] 0x00000015 popad 0x00000016 push 00000000h 0x00000018 push 3DC76885h 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 pop edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711D15 second address: 711D6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F55F92EB396h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor dword ptr [esp], 3DC76805h 0x00000015 call 00007F55F92EB3A8h 0x0000001a mov ecx, dword ptr [ebp+122D2A1Ch] 0x00000020 pop edi 0x00000021 push 00000003h 0x00000023 push 00000000h 0x00000025 sub dword ptr [ebp+122D2D75h], esi 0x0000002b push 00000003h 0x0000002d mov edx, dword ptr [ebp+122D28A8h] 0x00000033 push 4DECA92Eh 0x00000038 jnl 00007F55F92EB3A4h 0x0000003e push eax 0x0000003f push edx 0x00000040 push ecx 0x00000041 pop ecx 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711D6A second address: 711D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FB7BE second address: 6FB7C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FB7C4 second address: 6FB7C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FB7C8 second address: 6FB7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F216 second address: 72F233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F55F8FF84A5h 0x0000000e jmp 00007F55F8FF849Dh 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F3A4 second address: 72F3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 js 00007F55F92EB398h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F3B3 second address: 72F3D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Eh 0x00000008 ja 00007F55F8FF8496h 0x0000000e popad 0x0000000f push ecx 0x00000010 jmp 00007F55F8FF849Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F579 second address: 72F59D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F55F92EB3A7h 0x0000000a jc 00007F55F92EB396h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F59D second address: 72F5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F5A6 second address: 72F5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F5AC second address: 72F5B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F701 second address: 72F719 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F55F92EB3A0h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F9C1 second address: 72F9CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72F9CB second address: 72F9D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72FB12 second address: 72FB18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72FB18 second address: 72FB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F55F92EB396h 0x0000000a popad 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007F55F92EB3A1h 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7269DD second address: 726A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F55F8FF849Fh 0x0000000a js 00007F55F8FF8496h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF849Bh 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 726A09 second address: 726A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7305A1 second address: 7305B1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7305B1 second address: 7305CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7305CD second address: 7305D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7305D3 second address: 7305D8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7305D8 second address: 7305DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 730745 second address: 73074B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73074B second address: 73077B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F55F8FF8496h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F55F8FF84A1h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push edx 0x00000015 jbe 00007F55F8FF8496h 0x0000001b pushad 0x0000001c popad 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 push edx 0x00000023 pop edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308CA second address: 7308F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F55F92EB396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F55F92EB3A8h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308F3 second address: 7308F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7308F7 second address: 730907 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 730907 second address: 73090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 730A39 second address: 730A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F55F92EB3BBh 0x0000000c jmp 00007F55F92EB3A0h 0x00000011 jmp 00007F55F92EB3A5h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 700945 second address: 700954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF849Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FED62 second address: 6FED73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jc 00007F55F92EB396h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FED73 second address: 6FEDA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F55F8FF84A2h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F55F8FF84A1h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FEDA2 second address: 6FEDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FEDA6 second address: 6FEDBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F8FF84A0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73C389 second address: 73C3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jnp 00007F55F92EB39Eh 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73C6BC second address: 73C6E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF84A8h 0x00000009 jmp 00007F55F8FF84A0h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CB13 second address: 73CB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CB17 second address: 73CB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CCCC second address: 73CCDF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F55F92EB39Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CCDF second address: 73CCEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CCEA second address: 73CCF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CCF8 second address: 73CD01 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CD01 second address: 73CD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F55F92EB396h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73EFD2 second address: 73EFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73F947 second address: 73F95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F92EB3A1h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73F9A8 second address: 73F9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73FC99 second address: 73FC9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73FE0E second address: 73FE1A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 741252 second address: 741259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 741259 second address: 741272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jp 00007F55F8FF849Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 741272 second address: 741278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742168 second address: 74216C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7457D4 second address: 7457DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74659F second address: 7465B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF849Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74730F second address: 747313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74A9A7 second address: 74A9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74A9AD second address: 74A9B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74D22E second address: 74D234 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74E7D1 second address: 74E828 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F55F92EB3A7h 0x0000000f nop 0x00000010 movsx edi, cx 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+12470BFEh], edi 0x0000001b push 00000000h 0x0000001d je 00007F55F92EB399h 0x00000023 movzx ebx, ax 0x00000026 mov di, dx 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c je 00007F55F92EB398h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 750DB5 second address: 750DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007F55F8FF849Ch 0x0000000d jl 00007F55F8FF8496h 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 751D0D second address: 751D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 751D11 second address: 751D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 753BE8 second address: 753C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F55F92EB398h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov ebx, 50BB02EDh 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F55F92EB398h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D2874h] 0x0000004c sub dword ptr [ebp+122D2752h], ecx 0x00000052 xchg eax, esi 0x00000053 jns 00007F55F92EB3A7h 0x00000059 jmp 00007F55F92EB3A1h 0x0000005e push eax 0x0000005f pushad 0x00000060 push ebx 0x00000061 jmp 00007F55F92EB39Eh 0x00000066 pop ebx 0x00000067 push eax 0x00000068 push edx 0x00000069 push ecx 0x0000006a pop ecx 0x0000006b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 753C70 second address: 753C74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 752D2F second address: 752D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F55F92EB396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 755D38 second address: 755D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F55F8FF849Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 757D1B second address: 757D20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 756E32 second address: 756E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF84A4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 757E63 second address: 757E6D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB39Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 758C5C second address: 758CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jmp 00007F55F8FF84A2h 0x0000000c nop 0x0000000d jg 00007F55F8FF849Ch 0x00000013 jp 00007F55F8FF8496h 0x00000019 push 00000000h 0x0000001b mov edi, dword ptr [ebp+122D1837h] 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ecx 0x00000026 call 00007F55F8FF8498h 0x0000002b pop ecx 0x0000002c mov dword ptr [esp+04h], ecx 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc ecx 0x00000039 push ecx 0x0000003a ret 0x0000003b pop ecx 0x0000003c ret 0x0000003d mov edi, 4CFD152Fh 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 jng 00007F55F8FF849Ch 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 758CC1 second address: 758CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 758DB9 second address: 758DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 759D7A second address: 759D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AC5D second address: 75AC63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 758DBD second address: 758DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A5h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F55F92EB3A3h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 758DF4 second address: 758DF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AD99 second address: 75AD9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AD9F second address: 75ADB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75ADB4 second address: 75AE38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 jne 00007F55F92EB396h 0x0000000c pop ecx 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F55F92EB398h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 call 00007F55F92EB39Ch 0x0000002e mov dword ptr [ebp+12451D2Eh], edx 0x00000034 pop edi 0x00000035 xor ebx, 4EBBAEA1h 0x0000003b push dword ptr fs:[00000000h] 0x00000042 mov bx, di 0x00000045 mov dword ptr fs:[00000000h], esp 0x0000004c mov bh, BDh 0x0000004e jmp 00007F55F92EB39Ah 0x00000053 mov eax, dword ptr [ebp+122D125Dh] 0x00000059 push FFFFFFFFh 0x0000005b push eax 0x0000005c ja 00007F55F92EB39Ch 0x00000062 pop edi 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 jns 00007F55F92EB398h 0x0000006c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AE38 second address: 75AE42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F55F8FF8496h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E35D second address: 75E37A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AE42 second address: 75AE55 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AE55 second address: 75AE5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765AC9 second address: 765ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765ACD second address: 765AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A4h 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765AF1 second address: 765AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765DDF second address: 765DE9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F55F92EB3ADh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765DE9 second address: 765E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A1h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF84A0h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765E1C second address: 765E20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765E20 second address: 765E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F8FF849Ah 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765E30 second address: 765E57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A7h 0x00000007 jo 00007F55F92EB3A2h 0x0000000d jc 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B2E0 second address: 76B2E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B3DD second address: 76B3E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B3E1 second address: 76B3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B3E7 second address: 76B3FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F92EB3A2h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B3FD second address: 76B468 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F55F8FF849Fh 0x00000014 jng 00007F55F8FF8496h 0x0000001a popad 0x0000001b push edx 0x0000001c jmp 00007F55F8FF84A7h 0x00000021 pop edx 0x00000022 popad 0x00000023 mov eax, dword ptr [esp+04h] 0x00000027 pushad 0x00000028 jmp 00007F55F8FF84A2h 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F55F8FF84A3h 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B468 second address: 76B46C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B46C second address: 76B47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jo 00007F55F8FF849Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B47E second address: 76B486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B58A second address: 76B594 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B594 second address: 76B59E instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB39Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B676 second address: 76B697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F55F8FF8496h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F55F8FF849Ah 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B697 second address: 76B69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B69B second address: 76B6A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77111A second address: 77114C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F55F92EB39Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77087A second address: 7708B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 jmp 00007F55F8FF84A7h 0x0000000c jmp 00007F55F8FF84A2h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push ebx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 770B84 second address: 770B92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F55F92EB396h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 770D20 second address: 770D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 770E9D second address: 770EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F55F92EB396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 770EA7 second address: 770EAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77AD19 second address: 77AD1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 705A66 second address: 705A78 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F55F8FF8496h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A60D second address: 77A611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A611 second address: 77A617 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A617 second address: 77A629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F55F92EB39Ah 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A790 second address: 77A794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78042C second address: 78043D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F55F92EB39Ah 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77EDB7 second address: 77EDBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F098 second address: 77F0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F0AA second address: 77F0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F4D1 second address: 77F4D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F4D9 second address: 77F4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F4DD second address: 77F4E7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB396h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F653 second address: 77F657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F657 second address: 77F6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A7h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jbe 00007F55F92EB396h 0x00000014 jmp 00007F55F92EB3A7h 0x00000019 jmp 00007F55F92EB3A4h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F55F92EB39Dh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F6BA second address: 77F6BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F6BE second address: 77F6D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F92EB39Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F6D6 second address: 77F6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F55F8FF849Ch 0x0000000b jg 00007F55F8FF8496h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F55F8FF8496h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F888 second address: 77F88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F9EC second address: 77F9F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77F9F0 second address: 77FA11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a jno 00007F55F92EB398h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F55F92EB39Bh 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77FA11 second address: 77FA47 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jp 00007F55F8FF8496h 0x0000000f jmp 00007F55F8FF84A6h 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF849Ch 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77FA47 second address: 77FA4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77FCF6 second address: 77FCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77FCFC second address: 77FD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77FE48 second address: 77FE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 727400 second address: 72740A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72740A second address: 727417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007F55F8FF849Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7802BE second address: 7802CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F55F92EB396h 0x0000000a jo 00007F55F92EB396h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7802CE second address: 7802D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7802D4 second address: 7802EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F55F92EB3A6h 0x0000000e ja 00007F55F92EB39Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77EAEE second address: 77EAFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F55F8FF8496h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787852 second address: 787897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB3A6h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F55F92EB3A7h 0x00000011 jmp 00007F55F92EB3A1h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787897 second address: 78789B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 786745 second address: 78674A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78674A second address: 786765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F55F8FF84A1h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DC9B second address: 73DC9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DD3D second address: 73DD42 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DE49 second address: 73DE81 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], esi 0x0000000e mov cx, di 0x00000011 nop 0x00000012 jmp 00007F55F92EB3A2h 0x00000017 push eax 0x00000018 pushad 0x00000019 push ecx 0x0000001a jmp 00007F55F92EB39Ch 0x0000001f pop ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DE81 second address: 73DE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DE85 second address: 73DE89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DF36 second address: 73DF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DF3A second address: 73DF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a jnc 00007F55F92EB396h 0x00000010 pop edi 0x00000011 ja 00007F55F92EB39Ch 0x00000017 popad 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push edi 0x0000001d jmp 00007F55F92EB3A2h 0x00000022 pop edi 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DF77 second address: 73DF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DF7B second address: 73DF98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB39Dh 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DF98 second address: 73DF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 786D24 second address: 786D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787267 second address: 787279 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Bh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787279 second address: 787282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787282 second address: 787288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 787288 second address: 78728C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78740E second address: 787418 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789961 second address: 789967 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789967 second address: 78996D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78996D second address: 789971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789971 second address: 789985 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F55F8FF8496h 0x00000008 jo 00007F55F8FF8496h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789985 second address: 789989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789989 second address: 78998D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 789ADA second address: 789AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78C593 second address: 78C5B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007F55F8FF849Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78C701 second address: 78C705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7905E0 second address: 7905F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F55F8FF8498h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7905F2 second address: 7905F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7905F8 second address: 7905FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7905FC second address: 790642 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 pushad 0x00000013 jns 00007F55F92EB396h 0x00000019 jmp 00007F55F92EB39Dh 0x0000001e jmp 00007F55F92EB3A1h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790642 second address: 790648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790648 second address: 79064C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79064C second address: 790650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790C1B second address: 790C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790D94 second address: 790D99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790D99 second address: 790D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 790D9F second address: 790DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7939F9 second address: 7939FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7939FF second address: 793A07 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 793B60 second address: 793B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 793B64 second address: 793B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 793B68 second address: 793B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 793B6E second address: 793B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F55F8FF8496h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79403B second address: 794068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jnc 00007F55F92EB396h 0x00000014 popad 0x00000015 jmp 00007F55F92EB3A8h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 794068 second address: 79407A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF849Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 798804 second address: 798818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007F55F92EB396h 0x0000000c jbe 00007F55F92EB396h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 798968 second address: 798971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 798971 second address: 798975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A0233 second address: 7A0239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A08C0 second address: 7A08CD instructions: 0x00000000 rdtsc 0x00000002 je 00007F55F92EB398h 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A1118 second address: 7A1120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A1120 second address: 7A1125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A1125 second address: 7A112B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A13DF second address: 7A13E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A13E5 second address: 7A13E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A13E9 second address: 7A13ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A16D2 second address: 7A16D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A16D6 second address: 7A16DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A16DF second address: 7A16E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A16E7 second address: 7A16EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A19AA second address: 7A19C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F8FF8496h 0x0000000a pop edi 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007F55F8FF8496h 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A19C2 second address: 7A19F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A2h 0x00000007 jmp 00007F55F92EB3A5h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F55F92EB39Ah 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A1CC7 second address: 7A1CE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F55F8FF8498h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F55F8FF849Dh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A4F6F second address: 7A4F75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A54A2 second address: 7A54A8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A54A8 second address: 7A54B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A54B1 second address: 7A54DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F55F8FF8496h 0x0000000a jmp 00007F55F8FF84A8h 0x0000000f popad 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A54DA second address: 7A551B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F55F92EB3ABh 0x0000000f jmp 00007F55F92EB39Bh 0x00000014 je 00007F55F92EB39Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A5679 second address: 7A569C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 jmp 00007F55F8FF84A6h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AA0DA second address: 7AA0EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B32DE second address: 7B32E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B32E3 second address: 7B32E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B32E9 second address: 7B32ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B12FB second address: 7B1303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1444 second address: 7B144A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B144A second address: 7B145A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB396h 0x00000008 je 00007F55F92EB396h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B145A second address: 7B1470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1470 second address: 7B1474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1474 second address: 7B147A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B175D second address: 7B1761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1761 second address: 7B176B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B18EA second address: 7B18F4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1A3C second address: 7B1A42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1B97 second address: 7B1B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B2031 second address: 7B205A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F55F8FF849Ch 0x0000000e jmp 00007F55F8FF84A2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B205A second address: 7B207C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F55F92EB3A5h 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B207C second address: 7B2080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B287B second address: 7B287F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B287F second address: 7B2885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B2885 second address: 7B288B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B288B second address: 7B2890 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B57AE second address: 7B57B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B57B2 second address: 7B57CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B9D2B second address: 7B9D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B9D2F second address: 7B9D33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5D4F second address: 7C5D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007F55F92EB3A7h 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5D71 second address: 7C5D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5D77 second address: 7C5D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5D83 second address: 7C5D9F instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F8FF8496h 0x00000008 jmp 00007F55F8FF849Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5D9F second address: 7C5DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C5EFE second address: 7C5F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F55F8FF84A6h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C914B second address: 7C9175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop esi 0x0000000c jmp 00007F55F92EB3A9h 0x00000011 popad 0x00000012 push edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C8FAE second address: 7C8FB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C8FB2 second address: 7C8FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C8FBC second address: 7C8FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBDC1 second address: 7CBDCB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F55F92EB396h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB8B7 second address: 7CB8CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB8CE second address: 7CB8F8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB3A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F55F92EB39Fh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB8F8 second address: 7CB913 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBAAA second address: 7CBAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBAAE second address: 7CBAB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBAB4 second address: 7CBABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBABA second address: 7CBAC1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D2647 second address: 7D264B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D264B second address: 7D26A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A8h 0x00000007 jmp 00007F55F8FF84A0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007F55F8FF84B4h 0x00000014 jmp 00007F55F8FF84A8h 0x00000019 jng 00007F55F8FF8496h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D26A0 second address: 7D26A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D26A6 second address: 7D26CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jne 00007F55F8FF8496h 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D26CC second address: 7D26DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007F55F92EB396h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D26DA second address: 7D26EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F8FF8496h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E178F second address: 7E17A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F55F92EB3A1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1BEA second address: 7E1C05 instructions: 0x00000000 rdtsc 0x00000002 je 00007F55F8FF849Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jc 00007F55F8FF849Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1D3D second address: 7E1D57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F55F92EB396h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1ED2 second address: 7E1EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1EDB second address: 7E1EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E2A85 second address: 7E2ABA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F55F8FF84A7h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F55F8FF84A0h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6755 second address: 7E6766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6286 second address: 7E62A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E62A4 second address: 7E62C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F55F92EB39Eh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E62C4 second address: 7E62CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6458 second address: 7E6481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Bh 0x00000009 pop edi 0x0000000a push edi 0x0000000b jmp 00007F55F92EB3A5h 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop edi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6481 second address: 7E6491 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F63C7 second address: 7F63CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F63CC second address: 7F63D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAF82 second address: 7FAFB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F92EB3A5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d push esi 0x0000000e jmp 00007F55F92EB3A5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAFB7 second address: 7FAFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F55F8FF8496h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAFC6 second address: 7FAFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAFCA second address: 7FAFCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC644 second address: 7FC661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F55F92EB3A4h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC661 second address: 7FC66A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC66A second address: 7FC69B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Dh 0x00000007 jnl 00007F55F92EB396h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F55F92EB3A5h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BE82 second address: 80BE9E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F55F8FF84A7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BE9E second address: 80BEAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F55F92EB396h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BEAD second address: 80BEC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F55F8FF8496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BEC0 second address: 80BEC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BEC6 second address: 80BECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80BECA second address: 80BECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 825793 second address: 8257B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A8h 0x00000009 pop edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8257B0 second address: 8257D0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F55F92EB3A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F55F92EB398h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8257D0 second address: 8257E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8245F8 second address: 82460E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F55F92EB3A1h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824797 second address: 82479D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82479D second address: 8247A7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82492B second address: 82493A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF849Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82493A second address: 824942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824942 second address: 824955 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007F55F8FF8496h 0x00000009 jnc 00007F55F8FF8496h 0x0000000f pop ebx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824A9C second address: 824AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007F55F92EB3AEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824AAB second address: 824AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A2h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824F14 second address: 824F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F92EB396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8250B9 second address: 8250BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 825473 second address: 8254A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F92EB3A7h 0x00000008 jmp 00007F55F92EB3A3h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8254A4 second address: 8254CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F55F8FF84ACh 0x0000000b jmp 00007F55F8FF84A4h 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8254CC second address: 8254F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F55F92EB3A9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8254F5 second address: 8254F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8254F9 second address: 8254FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829876 second address: 82987C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82987C second address: 829880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82B302 second address: 82B31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F55F8FF84A1h 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50DB8 second address: 4A50DFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 call 00007F55F92EB3A3h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, dword ptr [eax+00000FDCh] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push eax 0x00000018 pop edx 0x00000019 pushfd 0x0000001a jmp 00007F55F92EB39Ch 0x0000001f or cx, 2F98h 0x00000024 jmp 00007F55F92EB39Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50DFE second address: 4A50E54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b jmp 00007F55F8FF849Eh 0x00000010 jns 00007F55F8FF850Fh 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F55F8FF849Eh 0x0000001d and ah, 00000058h 0x00000020 jmp 00007F55F8FF849Bh 0x00000025 popfd 0x00000026 push eax 0x00000027 push edx 0x00000028 mov al, 0Fh 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50E54 second address: 4A50E65 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add eax, ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov ebx, 6CE451CCh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50E65 second address: 4A50EF9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F55F8FF84A5h 0x00000008 or cx, 52A6h 0x0000000d jmp 00007F55F8FF84A1h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 call 00007F55F8FF84A0h 0x0000001a mov ebx, esi 0x0000001c pop eax 0x0000001d popad 0x0000001e mov eax, dword ptr [eax+00000860h] 0x00000024 pushad 0x00000025 jmp 00007F55F8FF84A6h 0x0000002a popad 0x0000002b test eax, eax 0x0000002d pushad 0x0000002e mov ebx, eax 0x00000030 mov bx, si 0x00000033 popad 0x00000034 je 00007F566996E324h 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d mov bh, 9Fh 0x0000003f pushfd 0x00000040 jmp 00007F55F8FF849Ah 0x00000045 sub cx, 0D08h 0x0000004a jmp 00007F55F8FF849Bh 0x0000004f popfd 0x00000050 popad 0x00000051 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 736D19 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7606F6 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 593ADB instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7BF6EC instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 4648Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.1528482040.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWCRf.
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00575BB0 LdrInitializeThunk,0_2_00575BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ]Program Manager
    Source: file.exeBinary or memory string: (S]Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      sergei-esenin.com
      		172.67.206.204
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknownfalse
          		unknown
          bathdoomgaz.store
          		unknown
          		unknownfalse
            		unknown
            spirittunek.store
            		unknown
            		unknownfalse
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknownfalse
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknownfalse
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknownfalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.stortrue
                          		unknown
                          mobbipenju.stortrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            bathdoomgaz.stortrue
                              		unknown
                              dissapoiznw.stortrue
                                		unknown
                                spirittunek.stortrue
                                  		unknown
                                  eaglepawnoy.stortrue
                                    		unknown
                                    clearancek.sitetrue
                                      		unknown
                                      licendfilteo.sitetrue
                                        		unknown
                                        https://sergei-esenin.com/apitrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://player.vimeo.comfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://sergei-esenin.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.youtube.comfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.comfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://s.ytimg.com;file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://steam.tv/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://steamcommunity.com/pfile.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://sketchfab.comfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://lv.queniujq.cnfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmptrue
                                                          • URL Reputation: malware
                                                          		unknown
                                                          https://www.youtube.com/file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/pubfile.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://www.google.com/recaptcha/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://checkout.steampowered.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/;file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://steamcommunity.com/r(I/file.exe, 00000000.00000002.1528482040.0000000000B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://steamcommunity.com/market/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://store.steampowered.com/news/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://sergei-esenin.com/8file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://sergei-esenin.com/apiAfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://store.steampowered.com/stats/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://medal.tvfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://login.steampowered.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://store.steampowered.com/legal/file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://recaptcha.netfile.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://127.0.0.1:27060file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://help.steampowered.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://api.steampowered.com/file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://steamcommunity.com/file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                        • URL Reputation: malware
                                                                                                        		unknown

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        104.102.49.254
                                                                                                        		steamcommunity.comUnited States
                                                                                                        		16625AKAMAI-ASUSfalse
                                                                                                        172.67.206.204
                                                                                                        		sergei-esenin.comUnited States
                                                                                                        		13335CLOUDFLARENETUStrue

                                                                                                        General Information

                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1528485
                                                                                                        Start date and time:2024-10-08 00:12:07 +02:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 3m 20s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:2
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:file.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:Failed
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: file.exe

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        TimeTypeDescription
                                                                                                        18:13:16API Interceptor3x Sleep call for process: file.exe modified

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                        • www.valvesoftware.com/legal.htm
                                                                                                        172.67.206.204PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                          Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    xwZfYpo16i.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          p7SnjaA8NN.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse

                                                                                                                            Domains

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            sergei-esenin.comPFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            steamcommunity.comPFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            utmggBCMML.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 92.122.104.90
                                                                                                                            WiTqtf1aiE.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254

                                                                                                                            ASNs

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            CLOUDFLARENETUSRemittanceDetails(Rjackson)CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 104.17.25.14
                                                                                                                            PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                            • 188.114.96.3
                                                                                                                            EUYIlr7uUX.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            • 172.65.255.143
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                            • 1.1.1.1
                                                                                                                            https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                            • 188.114.96.3
                                                                                                                            AKAMAI-ASUSPFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            utmggBCMML.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                            • 184.28.90.27
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
                                                                                                                            • 88.221.169.152
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 92.122.104.90

                                                                                                                            JA3 Fingerprints

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            utmggBCMML.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            WiTqtf1aiE.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204

                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            No created / dropped files found

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Entropy (8bit):7.948291865006266
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:file.exe
                                                                                                                            File size:1'847'808 bytes
                                                                                                                            MD5:4b701c6c6316241b700854f6ee0f1ef3
                                                                                                                            SHA1:3570b6e5a2595e4ce6f4763652501d33c42a8299
                                                                                                                            SHA256:4c6375bc022f9d994a0038a84f148d1cba6979e4ebb4aa6ecf6b8a074c507f9a
                                                                                                                            SHA512:857a9f02f1a2d97548f2219a606964aa8de304912a7c80f40c6adac2e975ede86628531c26cd4ab8c286c4c5a2721228a2ddf2c31b02a6baf01f518aeac13c4c
                                                                                                                            SSDEEP:49152:ZaZKjb2mESpD2RxGQ6lTFcfkG1OCwYSP7cDK:Z4KuMD2RjQFcfkG1OOSP7c
                                                                                                                            TLSH:1985331B4DB85776D5CB8C7A3223EE88DB9DEE3156E5B6A2163CC49131C0A4AF0F4807
                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@..........................@J......&....@.................................W...k..

                                                                                                                            File Icon

                                                                                                                            Icon Hash:00928e8e8686b000

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x8a1000
                                                                                                                            Entrypoint Section:.taggant
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:6
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:6
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:6
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            jmp 00007F55F89A921Ah
                                                                                                                            movups xmm3, dqword ptr [eax+eax]
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            jmp 00007F55F89AB215h
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            0x10000x5d0000x25e0036fc8ac751a5a07ed50eb418412d60d9False0.9995358910891089data7.976365850464457IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            0x600000x2a60000x20023aafe0f7f2d87591ca120baaa7495cbunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            lkgxlqgb0x3060000x19a0000x199a00ff981896dd6b2df0c410f23a03703c83False0.9949261662725053data7.953726865984964IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            oazzzkxz0x4a00000x10000x4001b1cfb840dc0c8c5b488bb55df8530aeFalse0.755859375data5.914632494580126IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .taggant0x4a10000x30000x22007ce881734d52dc90afe9e4bedda19f12False0.006433823529411764DOS executable (COM)0.019571456231530684IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            kernel32.dlllstrcpy

                                                                                                                            Network Behavior

                                                                                                                            Suricata IDS Alerts

                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                            2024-10-08T00:13:17.897273+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.9565551.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.909372+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.9558481.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.923430+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.9496611.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.935421+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.9652441.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.948701+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.9513721.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.960085+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.9616181.1.1.153UDP
                                                                                                                            2024-10-08T00:13:17.991565+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.9564121.1.1.153UDP
                                                                                                                            2024-10-08T00:13:18.006592+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.9551521.1.1.153UDP
                                                                                                                            2024-10-08T00:13:20.523260+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.949706172.67.206.204443TCP
                                                                                                                            2024-10-08T00:13:20.523260+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949706172.67.206.204443TCP

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 8, 2024 00:13:18.044039965 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:18.044075012 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.044167042 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:18.047559023 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:18.047576904 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.659332991 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.659459114 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:18.755302906 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:18.755326033 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.755672932 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.807568073 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.059429884 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.107398987 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454323053 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454349995 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454360008 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454384089 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454396963 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454421997 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.454438925 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.454719067 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.454719067 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.544255972 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.544284105 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.544385910 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.544400930 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.544444084 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.549288034 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.549370050 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.549387932 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.549405098 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.549427986 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.549470901 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.550399065 CEST49705443192.168.2.9104.102.49.254
                                                                                                                            Oct 8, 2024 00:13:19.550416946 CEST44349705104.102.49.254192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.581423998 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:19.581465960 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.581542969 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:19.581906080 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:19.581918955 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.045905113 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.046016932 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.049477100 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.049493074 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.049774885 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.050924063 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.050954103 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.051022053 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.523216963 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.523294926 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.523353100 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.523550034 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.523571968 CEST44349706172.67.206.204192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:20.523585081 CEST49706443192.168.2.9172.67.206.204
                                                                                                                            Oct 8, 2024 00:13:20.523591995 CEST44349706172.67.206.204192.168.2.9

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 8, 2024 00:13:17.897273064 CEST5655553192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.907262087 CEST53565551.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.909372091 CEST5584853192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.920603991 CEST53558481.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.923429966 CEST4966153192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.933404922 CEST53496611.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.935420990 CEST6524453192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.945247889 CEST53652441.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.948700905 CEST5137253192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.958544970 CEST53513721.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.960084915 CEST6161853192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:17.978627920 CEST53616181.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:17.991564989 CEST5641253192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:18.002655029 CEST53564121.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.006592035 CEST5515253192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:18.017126083 CEST53551521.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:18.026731968 CEST5510553192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:18.036554098 CEST53551051.1.1.1192.168.2.9
                                                                                                                            Oct 8, 2024 00:13:19.567847013 CEST5887253192.168.2.91.1.1.1
                                                                                                                            Oct 8, 2024 00:13:19.580301046 CEST53588721.1.1.1192.168.2.9

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                            Oct 8, 2024 00:13:17.897273064 CEST192.168.2.91.1.1.10xb12fStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.909372091 CEST192.168.2.91.1.1.10xfd92Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.923429966 CEST192.168.2.91.1.1.10x335cStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.935420990 CEST192.168.2.91.1.1.10xa01bStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.948700905 CEST192.168.2.91.1.1.10x5188Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.960084915 CEST192.168.2.91.1.1.10xa032Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.991564989 CEST192.168.2.91.1.1.10x37d3Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:18.006592035 CEST192.168.2.91.1.1.10xb955Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:18.026731968 CEST192.168.2.91.1.1.10x7dd4Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:19.567847013 CEST192.168.2.91.1.1.10xfb88Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Oct 8, 2024 00:13:17.907262087 CEST1.1.1.1192.168.2.90xb12fName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.920603991 CEST1.1.1.1192.168.2.90xfd92Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.933404922 CEST1.1.1.1192.168.2.90x335cName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.945247889 CEST1.1.1.1192.168.2.90xa01bName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.958544970 CEST1.1.1.1192.168.2.90x5188Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:17.978627920 CEST1.1.1.1192.168.2.90xa032Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:18.002655029 CEST1.1.1.1192.168.2.90x37d3Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:18.017126083 CEST1.1.1.1192.168.2.90xb955Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:18.036554098 CEST1.1.1.1192.168.2.90x7dd4No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:19.580301046 CEST1.1.1.1192.168.2.90xfb88No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 00:13:19.580301046 CEST1.1.1.1192.168.2.90xfb88No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • steamcommunity.com
                                                                                                                            • sergei-esenin.com

                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            0192.168.2.949705104.102.49.2544436040C:\Users\user\Desktop\file.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-10-07 22:13:19 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                            Connection: Keep-Alive
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                            Host: steamcommunity.com
                                                                                                                            2024-10-07 22:13:19 UTC1870INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Date: Mon, 07 Oct 2024 22:13:19 GMT
                                                                                                                            Content-Length: 34837
                                                                                                                            Connection: close
                                                                                                                            Set-Cookie: sessionid=5b6283b019fc1f07667e6800; Path=/; Secure; SameSite=None
                                                                                                                            Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                            2024-10-07 22:13:19 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                            2024-10-07 22:13:19 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                            Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                            2024-10-07 22:13:19 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                            Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                            2024-10-07 22:13:19 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                            Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            1192.168.2.949706172.67.206.2044436040C:\Users\user\Desktop\file.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-10-07 22:13:20 UTC264OUTPOST /api HTTP/1.1
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                            Content-Length: 8
                                                                                                                            Host: sergei-esenin.com
                                                                                                                            2024-10-07 22:13:20 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                            Data Ascii: act=life
                                                                                                                            2024-10-07 22:13:20 UTC803INHTTP/1.1 200 OK
                                                                                                                            Date: Mon, 07 Oct 2024 22:13:20 GMT
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Set-Cookie: PHPSESSID=fe37oi8l3ha3ibcau70k0tqjhb; expires=Fri, 31 Jan 2025 15:59:59 GMT; Max-Age=9999999; path=/
                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                            Pragma: no-cache
                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                            vary: accept-encoding
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BxcV%2BwEq9jL2K5cP%2B8GskXkWqqXYEDL77grvma1qHp%2FAdzqFXjwcznKuvCkWkGaZSrFFC5XIQRu0rbyz%2Fk51vf6cVVZ1rgxkoBCMS9DkS70H%2BgS98j8ZIkyXa1iJOKk2hgvfWg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8cf13ce0d9300f9c-EWR
                                                                                                                            2024-10-07 22:13:20 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                            Data Ascii: aerror #D12
                                                                                                                            2024-10-07 22:13:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:18:13:15
                                                                                                                            Start date:07/10/2024
                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                            Imagebase:0x530000
                                                                                                                            File size:1'847'808 bytes
                                                                                                                            MD5 hash:4B701C6C6316241B700854F6EE0F1EF3
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:0.9%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:66.7%
                                                                                                                              Total number of Nodes:36
                                                                                                                              Total number of Limit Nodes:4
                                                                                                                              execution_graph 20453 53d110 20455 53d119 20453->20455 20454 53d2ee ExitProcess 20455->20454 20456 53d2e9 20455->20456 20459 540b40 FreeLibrary 20455->20459 20460 5756e0 FreeLibrary 20456->20460 20459->20456 20460->20454 20504 573202 RtlAllocateHeap 20461 53edb5 20462 53edd0 20461->20462 20465 53fca0 20462->20465 20466 53fcdc 20465->20466 20468 53ef70 20466->20468 20469 573220 20466->20469 20470 5732a2 RtlFreeHeap 20469->20470 20471 5732ac 20469->20471 20472 573236 20469->20472 20470->20471 20471->20468 20472->20470 20473 5799d0 20475 5799f5 20473->20475 20474 579b0e 20477 579a5f 20475->20477 20479 575bb0 LdrInitializeThunk 20475->20479 20477->20474 20480 575bb0 LdrInitializeThunk 20477->20480 20479->20477 20480->20474 20505 56d9cb 20506 56d9fb 20505->20506 20507 56da65 20506->20507 20509 575bb0 LdrInitializeThunk 20506->20509 20509->20506 20491 54049b 20495 540227 20491->20495 20492 540455 20498 575700 RtlFreeHeap 20492->20498 20495->20492 20496 540308 20495->20496 20497 575700 RtlFreeHeap 20495->20497 20497->20492 20498->20496 20499 5764b8 20500 5763f2 20499->20500 20501 57646e 20500->20501 20503 575bb0 LdrInitializeThunk 20500->20503 20503->20501

                                                                                                                              Executed Functions

                                                                                                                              Function 0053FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 25 53fca0-53fcda 26 53fd0b-53fe22 25->26 27 53fcdc-53fcdf 25->27 29 53fe24 26->29 30 53fe5b-53fe8c 26->30 28 53fce0-53fd09 call 542690 27->28 28->26 32 53fe30-53fe59 call 542760 29->32 33 53feb6-53fecf call 540b50 30->33 34 53fe8e-53fe8f 30->34 32->30 43 53fed5-53fef8 33->43 44 53ffe4-53ffe6 33->44 38 53fe90-53feb4 call 542700 34->38 38->33 45 53ff2b-53ff2d 43->45 46 53fefa 43->46 47 5401b1-5401bb 44->47 49 53ff30-53ff3a 45->49 48 53ff00-53ff29 call 5427e0 46->48 48->45 51 53ff41-53ff49 49->51 52 53ff3c-53ff3f 49->52 54 5401a2-5401a5 call 573220 51->54 55 53ff4f-53ff76 51->55 52->49 52->51 62 5401aa-5401ad 54->62 57 53ffab-53ffb5 55->57 58 53ff78 55->58 60 53ffb7-53ffbb 57->60 61 53ffeb 57->61 59 53ff80-53ffa9 call 542840 58->59 59->57 64 53ffc7-53ffcb 60->64 65 53ffed-53ffef 61->65 62->47 67 53ffd1-53ffd8 64->67 68 54019a 64->68 65->68 69 53fff5-54002c 65->69 70 53ffda-53ffdc 67->70 71 53ffde 67->71 68->54 72 54002e-54002f 69->72 73 54005b-540065 69->73 70->71 77 53ffc0-53ffc5 71->77 78 53ffe0-53ffe2 71->78 74 540030-540059 call 5428a0 72->74 75 5400a4 73->75 76 540067-54006f 73->76 74->73 81 5400a6-5400a8 75->81 80 540087-54008b 76->80 77->64 77->65 78->77 80->68 83 540091-540098 80->83 81->68 84 5400ae-5400c5 81->84 85 54009e 83->85 86 54009a-54009c 83->86 87 5400c7 84->87 88 5400fb-540102 84->88 91 540080-540085 85->91 92 5400a0-5400a2 85->92 86->85 93 5400d0-5400f9 call 542900 87->93 89 540104-54010d 88->89 90 540130-54013c 88->90 95 540117-54011b 89->95 96 5401c2-5401c7 90->96 91->80 91->81 92->91 93->88 95->68 98 54011d-540124 95->98 96->54 99 540126-540128 98->99 100 54012a 98->100 99->100 101 540110-540115 100->101 102 54012c-54012e 100->102 101->95 103 540141-540143 101->103 102->101 103->68 104 540145-54015b 103->104 104->96 105 54015d-54015f 104->105 106 540163-540166 105->106 107 5401bc 106->107 108 540168-540188 call 542030 106->108 107->96 111 540192-540198 108->111 112 54018a-540190 108->112 111->96 112->106 112->111
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: J|BJ$V$VY^_$t
                                                                                                                              • API String ID: 0-3701112211
                                                                                                                              • Opcode ID: 1ca13b31b39e81caf614065ed63493bfe278b9ed31cf1c9c8a9f43b3f7df57e9
                                                                                                                              • Instruction ID: 6f9484ef2169308b76d53bac4a5d0a0fab6b706266b8d33ec5ed4e69daacb92e
                                                                                                                              • Opcode Fuzzy Hash: 1ca13b31b39e81caf614065ed63493bfe278b9ed31cf1c9c8a9f43b3f7df57e9
                                                                                                                              • Instruction Fuzzy Hash: 9BD1767450C3909BD310DF14989466FBFE1BB96B48F68981CF9C99B252C336CD09DB92
                                                                                                                              Function 0053D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 149 53d110-53d11b call 574cc0 152 53d121-53d130 call 56c8d0 149->152 153 53d2ee-53d2f6 ExitProcess 149->153 157 53d136-53d15f 152->157 158 53d2e9 call 5756e0 152->158 162 53d161 157->162 163 53d196-53d1bf 157->163 158->153 164 53d170-53d194 call 53d300 162->164 165 53d1c1 163->165 166 53d1f6-53d20c 163->166 164->163 168 53d1d0-53d1f4 call 53d370 165->168 169 53d239-53d23b 166->169 170 53d20e-53d20f 166->170 168->166 171 53d286-53d2aa 169->171 172 53d23d-53d25a 169->172 175 53d210-53d237 call 53d3e0 170->175 178 53d2d6 call 53e8f0 171->178 179 53d2ac-53d2af 171->179 172->171 177 53d25c-53d25f 172->177 175->169 182 53d260-53d284 call 53d440 177->182 187 53d2db-53d2dd 178->187 183 53d2b0-53d2d4 call 53d490 179->183 182->171 183->178 187->158 188 53d2df-53d2e4 call 542f10 call 540b40 187->188 188->158
                                                                                                                              APIs
                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 0053D2F0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 621844428-0
                                                                                                                              • Opcode ID: 1a1b927f1a4c11b90b0a559eb7d6621e46eccd1f202bf68147b64440e4efeb8f
                                                                                                                              • Instruction ID: 32b9a075fae75d6850ae65a3483dd1ed4b3c37dba4c7d6d4c441613c4dd5072a
                                                                                                                              • Opcode Fuzzy Hash: 1a1b927f1a4c11b90b0a559eb7d6621e46eccd1f202bf68147b64440e4efeb8f
                                                                                                                              • Instruction Fuzzy Hash: 9841027440D380ABD701AB68E689A2EFFF5BF92745F148C1CE9C497252C336D8249B67
                                                                                                                              Function 00575BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 204 575bb0-575be2 LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              • LdrInitializeThunk.NTDLL(0057973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00575BDE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                              • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                              • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                              • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                              Function 0057695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 233 57695b-57696b call 574a20 236 576981-576a02 233->236 237 57696d 233->237 239 576a36-576a42 236->239 240 576a04 236->240 238 576970-57697f 237->238 238->236 238->238 242 576a85-576a9f 239->242 243 576a44-576a4f 239->243 241 576a10-576a34 call 5773e0 240->241 241->239 245 576a50-576a57 243->245 246 576a60-576a66 245->246 247 576a59-576a5c 245->247 246->242 250 576a68-576a7d call 575bb0 246->250 247->245 249 576a5e 247->249 249->242 252 576a82 250->252 252->242
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 0-2766056989
                                                                                                                              • Opcode ID: 6067fc25f8398d48fe466542f3c52b3e8a108c75035219a246f184aefc9e966a
                                                                                                                              • Instruction ID: cfc267f16a6bedf335c62e400f467f923e830582fbba7eeff0373138b43614b6
                                                                                                                              • Opcode Fuzzy Hash: 6067fc25f8398d48fe466542f3c52b3e8a108c75035219a246f184aefc9e966a
                                                                                                                              • Instruction Fuzzy Hash: 9B317AB15183029FD718DF14E890B2ABBF1FF94344F54D82CE9CAA7261E3749904EB56
                                                                                                                              Function 0054049B Relevance: .3, Instructions: 264COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 253 54049b-540515 call 53c9f0 257 540356 253->257 258 540417-540430 253->258 259 540370-54037e 253->259 260 5403d0-5403d7 253->260 261 540311-540320 253->261 262 540472-540477 253->262 263 540393-540397 253->263 264 54051c-54051e 253->264 265 5403be 253->265 266 5403de-5403e3 253->266 267 54035f-540367 253->267 268 540339-54034f 253->268 269 54045b-540469 call 575700 253->269 270 5403fb-540414 253->270 271 540246-540260 253->271 272 540386-54038c 253->272 273 540227-54023b 253->273 274 540440-540458 call 575700 253->274 275 540480 253->275 276 540242-540244 253->276 277 540482-540484 253->277 278 5403ec-5403f4 253->278 279 540308-54030c 253->279 257->267 258->274 259->272 260->258 260->262 260->263 260->266 260->270 260->272 260->275 260->277 260->278 293 540327-540332 261->293 262->275 296 5403a0-5403b7 263->296 280 540520 264->280 265->260 266->278 267->259 268->257 268->258 268->259 268->260 268->262 268->263 268->265 268->266 268->267 268->269 268->270 268->272 268->274 268->275 268->277 268->278 269->262 270->258 285 540294 271->285 286 540262 271->286 272->262 272->263 272->275 272->277 273->257 273->258 273->259 273->260 273->261 273->262 273->263 273->265 273->266 273->267 273->268 273->269 273->270 273->271 273->272 273->274 273->275 273->276 273->277 273->278 273->279 274->269 284 540296-5402bd 276->284 282 54048d-540496 277->282 278->262 278->263 278->270 278->275 278->277 279->282 300 540529-540b30 280->300 282->280 289 5402bf 284->289 290 5402ea-540301 284->290 285->284 287 540270-540292 call 542eb0 286->287 287->285 298 5402c0-5402e8 call 542e70 289->298 290->257 290->258 290->259 290->260 290->261 290->262 290->263 290->265 290->266 290->267 290->268 290->269 290->270 290->272 290->274 290->275 290->277 290->278 290->279 293->257 293->258 293->259 293->260 293->262 293->263 293->265 293->266 293->267 293->268 293->269 293->270 293->272 293->274 293->275 293->277 293->278 296->258 296->260 296->262 296->263 296->265 296->266 296->269 296->270 296->272 296->274 296->275 296->277 296->278 298->290
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8b0c146c33c8bf408792e97a754f7b6f78d7ba572f5801af5f2c63eda7195800
                                                                                                                              • Instruction ID: a0fcdfa73f450ab90f81265d3a4c2c3e303318fad885da6fd7cf600183867ec4
                                                                                                                              • Opcode Fuzzy Hash: 8b0c146c33c8bf408792e97a754f7b6f78d7ba572f5801af5f2c63eda7195800
                                                                                                                              • Instruction Fuzzy Hash: 53919D75200B01CFD724CF25E894A26B7F6FF89314B118A6CE8568BBA1DB30E859DF50
                                                                                                                              Function 00540228 Relevance: .2, Instructions: 218COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 307 540228-54023b 308 540356 307->308 309 540417-540430 307->309 310 540370-54037e 307->310 311 5403d0-5403d7 307->311 312 540311-540320 307->312 313 540472-540477 307->313 314 540393-540397 307->314 315 5403be 307->315 316 5403de-5403e3 307->316 317 54035f-540367 307->317 318 540339-54034f 307->318 319 54045b-540469 call 575700 307->319 320 5403fb-540414 307->320 321 540246-540260 307->321 322 540386-54038c 307->322 323 540440-540458 call 575700 307->323 324 540480 307->324 325 540242-540244 307->325 326 540482-540484 307->326 327 5403ec-5403f4 307->327 328 540308-54030c 307->328 308->317 309->323 310->322 311->309 311->313 311->314 311->316 311->320 311->322 311->324 311->326 311->327 341 540327-540332 312->341 313->324 344 5403a0-5403b7 314->344 315->311 316->327 317->310 318->308 318->309 318->310 318->311 318->313 318->314 318->315 318->316 318->317 318->319 318->320 318->322 318->323 318->324 318->326 318->327 319->313 320->309 333 540294 321->333 334 540262 321->334 322->313 322->314 322->324 322->326 323->319 332 540296-5402bd 325->332 330 54048d-540496 326->330 327->313 327->314 327->320 327->324 327->326 328->330 351 540520 330->351 337 5402bf 332->337 338 5402ea-540301 332->338 333->332 335 540270-540292 call 542eb0 334->335 335->333 346 5402c0-5402e8 call 542e70 337->346 338->308 338->309 338->310 338->311 338->312 338->313 338->314 338->315 338->316 338->317 338->318 338->319 338->320 338->322 338->323 338->324 338->326 338->327 338->328 341->308 341->309 341->310 341->311 341->313 341->314 341->315 341->316 341->317 341->318 341->319 341->320 341->322 341->323 341->324 341->326 341->327 344->309 344->311 344->313 344->314 344->315 344->316 344->319 344->320 344->322 344->323 344->324 344->326 344->327 346->338 353 540529-540b30 351->353
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd806ca5b8fec160f5f9ec19a17a7935a282f2893abedefbbb2e5bca0d4fc32b
                                                                                                                              • Instruction ID: 8b845502372ba8830b8978098b720a5e00edfa08ef79ccc5846506add09c26a4
                                                                                                                              • Opcode Fuzzy Hash: dd806ca5b8fec160f5f9ec19a17a7935a282f2893abedefbbb2e5bca0d4fc32b
                                                                                                                              • Instruction Fuzzy Hash: 75718C74204701DFD724CF20E898A26BBF6FF89314F10896CE94A876A2D771A859EF50
                                                                                                                              Function 005799D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 356 5799d0-5799f3 357 5799f5 356->357 358 579a2b-579a3b 356->358 359 579a00-579a29 call 57ae40 357->359 360 579a3d-579a4f 358->360 361 579a8c-579a95 358->361 359->358 365 579a50-579a58 360->365 362 579b36-579b38 361->362 363 579a9b-579ab5 361->363 366 579b3a-579b41 362->366 367 579b49-579b50 362->367 368 579ab7 363->368 369 579ae6-579af2 363->369 371 579a61-579a67 365->371 372 579a5a-579a5d 365->372 374 579b47 366->374 375 579b43 366->375 376 579ac0-579ae4 call 57ae40 368->376 377 579af4-579aff 369->377 378 579b2e-579b30 369->378 371->361 373 579a69-579a84 call 575bb0 371->373 372->365 379 579a5f 372->379 384 579a89 373->384 374->367 375->374 376->369 383 579b00-579b07 377->383 378->362 381 579b32 378->381 379->361 381->362 386 579b10-579b16 383->386 387 579b09-579b0c 383->387 384->361 386->378 388 579b18-579b2b call 575bb0 386->388 387->383 389 579b0e 387->389 388->378 389->378
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d14dc8a86e759fa500a044bafa447fe654c1b813439a153d68b0b2bd517e49c0
                                                                                                                              • Instruction ID: 3ca2c97171269f39c5cae2ebebf16d0d1bcd668efe5d20f75d6ffc2f5ecc7706
                                                                                                                              • Opcode Fuzzy Hash: d14dc8a86e759fa500a044bafa447fe654c1b813439a153d68b0b2bd517e49c0
                                                                                                                              • Instruction Fuzzy Hash: 66417C34209300ABD714DA15E890F2BFBB6FB85754F64C82CF98E97251E331E801EB62
                                                                                                                              Function 005763B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 35cf001e10fbe1c0c846d070deabd8a7c9a1cf1def5adf1a83b048b2a3623eaa
                                                                                                                              • Instruction ID: 47bba4b817be26c93370cb434657ac9abed107e0810b0310ce2609c76115484c
                                                                                                                              • Opcode Fuzzy Hash: 35cf001e10fbe1c0c846d070deabd8a7c9a1cf1def5adf1a83b048b2a3623eaa
                                                                                                                              • Instruction Fuzzy Hash: D0310974249701BFDA14DB04ED81F3ABBA2FB90B50F64D90CF5896B1E1D370A811EB52
                                                                                                                              Function 00573220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 194 573220-57322f 195 573236-573252 194->195 196 5732a2-5732a6 RtlFreeHeap 194->196 197 5732a0 194->197 198 5732ac-5732b0 194->198 199 573286-573296 195->199 200 573254 195->200 196->198 197->196 199->197 201 573260-573284 call 575af0 200->201 201->199
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000), ref: 005732A6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3298025750-0
                                                                                                                              • Opcode ID: 9a4042ead87cd73cb28b1c7b5ef3829b5baabcb0b720dcb1e6036c2f2f6c9b66
                                                                                                                              • Instruction ID: 33154bff7ffe010905e0745949096423c6c166072cbfcb7333068f035b14a902
                                                                                                                              • Opcode Fuzzy Hash: 9a4042ead87cd73cb28b1c7b5ef3829b5baabcb0b720dcb1e6036c2f2f6c9b66
                                                                                                                              • Instruction Fuzzy Hash: 18014B3450D2409BC701AF18E845A1ABBE8EF5AB11F058C2CE5C99B362D635DD64EBA2
                                                                                                                              Function 00573202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 205 573202-573211 RtlAllocateHeap
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 00573208
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: da9eba47b9481a269cc08e23da879a192be974447b1059866214a3d8b1700e53
                                                                                                                              • Instruction ID: f073402b7d74c9cb21303e685feb46bfda1d214f98498896b4d638491b0ea7c0
                                                                                                                              • Opcode Fuzzy Hash: da9eba47b9481a269cc08e23da879a192be974447b1059866214a3d8b1700e53
                                                                                                                              • Instruction Fuzzy Hash: 19B012300400005FEA081B00EC0AF003660EB10605FC01050A900540F1D1615868D664

                                                                                                                              Non-executed Functions

                                                                                                                              Function 0054DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                              • API String ID: 2994545307-1418943773
                                                                                                                              • Opcode ID: d31696ce600230e2f30c21b2498d0280894a8682995261a5925c29c51c7312e0
                                                                                                                              • Instruction ID: 01de45072d32aaf91e54fece7f5ba72feb49efdab6b6e67e4946e337d54bdd7c
                                                                                                                              • Opcode Fuzzy Hash: d31696ce600230e2f30c21b2498d0280894a8682995261a5925c29c51c7312e0
                                                                                                                              • Instruction Fuzzy Hash: 19F277B05083819BD770CF14C494BEBBBE6BBD5348F148C2CE4C99B252EB719984DB92
                                                                                                                              Function 005623E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                              • API String ID: 0-786070067
                                                                                                                              • Opcode ID: 40ebac79be648e56bddcd49021a2a93f79af16f55103fb65b1f193522e5c2014
                                                                                                                              • Instruction ID: f62914a92c32ca931d6204a5d37efee6ead16e4997b3ed89a3ce25b3cf73b797
                                                                                                                              • Opcode Fuzzy Hash: 40ebac79be648e56bddcd49021a2a93f79af16f55103fb65b1f193522e5c2014
                                                                                                                              • Instruction Fuzzy Hash: A333AC70504B818FE7258F38C590762BFE1BF56304F58899DE4DA8BB92C735E906CBA1
                                                                                                                              Function 00559F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                              • API String ID: 0-1131134755
                                                                                                                              • Opcode ID: db1cc371f48c1a2030195428bc5dfa28465f6297fdacf032df0b5bbfd3fdc470
                                                                                                                              • Instruction ID: fb012f893483b0927fea3902634db42883a7ba2713ed71fc7bf56aba5ddc9b56
                                                                                                                              • Opcode Fuzzy Hash: db1cc371f48c1a2030195428bc5dfa28465f6297fdacf032df0b5bbfd3fdc470
                                                                                                                              • Instruction Fuzzy Hash: 9B52C7B404D385CAE270CF25D585B8EBAF1BB92740F608A1DE5ED5B255DB708049CF93
                                                                                                                              Function 00559510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                              • API String ID: 0-655414846
                                                                                                                              • Opcode ID: fe6b69f8dfb609e244bc24a99590bf04697ab9d4954862786987be5858716cf1
                                                                                                                              • Instruction ID: 3147c4fba68d8e70a28d62e4978000ede260da65d2dae0ada8549113bb609f95
                                                                                                                              • Opcode Fuzzy Hash: fe6b69f8dfb609e244bc24a99590bf04697ab9d4954862786987be5858716cf1
                                                                                                                              • Instruction Fuzzy Hash: 55F13EB0108381ABD310DF15D891A2ABBF4FB96B49F044D1DF9D59B252E338D908DBA6
                                                                                                                              Function 0055DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: U$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rU$upH}${E$U
                                                                                                                              • API String ID: 0-2928314496
                                                                                                                              • Opcode ID: 72b94793dc9432fcd9a31c029b3ebbd6dbd25f483d827e3ee505c8f09ff88390
                                                                                                                              • Instruction ID: eb94b4d366900efd9855ad0ea4ebcf3f0b4c837d24ad8d165a7f542086b73792
                                                                                                                              • Opcode Fuzzy Hash: 72b94793dc9432fcd9a31c029b3ebbd6dbd25f483d827e3ee505c8f09ff88390
                                                                                                                              • Instruction Fuzzy Hash: 49921471E00605CFDB08CF68D85266EBFB2FF89311F198169E856AB391D731AD06CB90
                                                                                                                              Function 006FA119 Relevance: 11.6, Strings: 8, Instructions: 1629COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: U3$$8]$(1/w$:M?$:M?$WWL8$b%$eWw
                                                                                                                              • API String ID: 0-1185055106
                                                                                                                              • Opcode ID: 7fc9d0af9b31f0dae5d85fda2069ad277b303c8e70eb7e7a00007189271facc7
                                                                                                                              • Instruction ID: 7a17879bc79b834082d3eb0c27976cf0a720455ebc548939d3d9e312b2b90016
                                                                                                                              • Opcode Fuzzy Hash: 7fc9d0af9b31f0dae5d85fda2069ad277b303c8e70eb7e7a00007189271facc7
                                                                                                                              • Instruction Fuzzy Hash: 6CB229F3A0C2049FE304AE2DDC8567AF7E9EF94720F1A493DEAC5C3744E63559018696
                                                                                                                              Function 00704464 Relevance: 11.6, Strings: 8, Instructions: 1613COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +O$7$T$<(ff$N#_$P}/$T"WO$[g$ehG
                                                                                                                              • API String ID: 0-279833933
                                                                                                                              • Opcode ID: 05426baefee3069134fb89f3189c47adb658ba3757e7d087a4ffbfad3d3fd50d
                                                                                                                              • Instruction ID: 4f1f58275c142aeaa4180ca21574a94c2c399393328a9d584a515979d25337b8
                                                                                                                              • Opcode Fuzzy Hash: 05426baefee3069134fb89f3189c47adb658ba3757e7d087a4ffbfad3d3fd50d
                                                                                                                              • Instruction Fuzzy Hash: 9FB238F3A086049FE3046E2DEC8567AFBE9EFD4720F1A853DE6C487744EA3558058693
                                                                                                                              Function 00709594 Relevance: 11.6, Strings: 8, Instructions: 1592COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #G|}$AM[~$XcD$kYk$qq~${Xuz$&k$Ne?
                                                                                                                              • API String ID: 0-2328178690
                                                                                                                              • Opcode ID: 176341fd839cd16acee4e52725c331610b0d05d742eb42fa5ca0292b15cb79d7
                                                                                                                              • Instruction ID: 142c66025afa48b6e2ed12a5a8c9b78240cba2a774ee5fd35313b565ed3b8b74
                                                                                                                              • Opcode Fuzzy Hash: 176341fd839cd16acee4e52725c331610b0d05d742eb42fa5ca0292b15cb79d7
                                                                                                                              • Instruction Fuzzy Hash: 4FB2F5F3A0C2049FE304AE29DC8567AF7E9EF94320F1A893DE6C4C7744EA3558458697
                                                                                                                              Function 0055098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                              • API String ID: 0-4102007303
                                                                                                                              • Opcode ID: ed7ebd2bda76f10d1e6706c539aab31ce1dc8ee7a9b0c67d4e6ea2978c3891ae
                                                                                                                              • Instruction ID: 44548395aad80cc631467bb26cf04e469839189d003ee2b1420be71bfecfd822
                                                                                                                              • Opcode Fuzzy Hash: ed7ebd2bda76f10d1e6706c539aab31ce1dc8ee7a9b0c67d4e6ea2978c3891ae
                                                                                                                              • Instruction Fuzzy Hash: 8C62ABB55083818BD730CF14D4A5BABBBE1FF96315F04492EE89A8B681E3759848CB53
                                                                                                                              Function 00531000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                              • API String ID: 0-2517803157
                                                                                                                              • Opcode ID: e26a55e6005789ca8d7c029aa3174c1448a12e176cd3215b37c32fc6f8154d7d
                                                                                                                              • Instruction ID: 087a801cff38adf1e829c30ed3d3340bf8a0f0c601d80c573bb0776016e2bc11
                                                                                                                              • Opcode Fuzzy Hash: e26a55e6005789ca8d7c029aa3174c1448a12e176cd3215b37c32fc6f8154d7d
                                                                                                                              • Instruction Fuzzy Hash: EBD2E1716087428FD718CE29C89436ABFE2BFD9314F188A2DE499CB391D774D945CB82
                                                                                                                              Function 005312F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0$0$0$@$i
                                                                                                                              • API String ID: 0-3124195287
                                                                                                                              • Opcode ID: 8255d40f70aba22535c08720e5728051f3ef5109e2e65da1816528f458a4bf75
                                                                                                                              • Instruction ID: 0013407c76ccd2963642cfb3a3ab2c065f9196a4cfb574e8c152a9207e510341
                                                                                                                              • Opcode Fuzzy Hash: 8255d40f70aba22535c08720e5728051f3ef5109e2e65da1816528f458a4bf75
                                                                                                                              • Instruction Fuzzy Hash: 7762CE7160CB818BD319CE28C49476ABFE1BFD5308F188E6DE8D987291D774D949CB82
                                                                                                                              Function 0053164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                              • API String ID: 0-1123320326
                                                                                                                              • Opcode ID: 8da4d4fc38a63d2dd5ad1b1c4903ad379bf3eb9a8a7ddb87652b69afb7aba333
                                                                                                                              • Instruction ID: c465449dd12b81379e0fbe4d6e1c5659fdc2d35bca0ade6edcccea30b522a982
                                                                                                                              • Opcode Fuzzy Hash: 8da4d4fc38a63d2dd5ad1b1c4903ad379bf3eb9a8a7ddb87652b69afb7aba333
                                                                                                                              • Instruction Fuzzy Hash: D9F19C3160CB818FC719CE29C49426AFFE2BBD9304F188A6DE4D987352D774D949CB92
                                                                                                                              Function 005313A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                              • API String ID: 0-3620105454
                                                                                                                              • Opcode ID: fd8932b4070673ca8847e4be1d8bb558f1826b2c7ba3677029d79b9f1db613e0
                                                                                                                              • Instruction ID: 4d647783ddc89b7e8845446dee301509c0b5c5ab16b500dfeffb97d2ec935776
                                                                                                                              • Opcode Fuzzy Hash: fd8932b4070673ca8847e4be1d8bb558f1826b2c7ba3677029d79b9f1db613e0
                                                                                                                              • Instruction Fuzzy Hash: 28D16C3560CB828FC719CE29C49426AFFE2BBD9304F08CA6DE4D987356D634D949CB52
                                                                                                                              Function 0055FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: :$NA_I$m1s3$uvw
                                                                                                                              • API String ID: 0-3973114637
                                                                                                                              • Opcode ID: d93cf220d78fb338bf438cd54135008b723c7dd62328d57516c4c43a702308d8
                                                                                                                              • Instruction ID: ac7a7e569b24f5891a46cdbd9ad2d232d22b104065599178bfa284175d17d2cb
                                                                                                                              • Opcode Fuzzy Hash: d93cf220d78fb338bf438cd54135008b723c7dd62328d57516c4c43a702308d8
                                                                                                                              • Instruction Fuzzy Hash: FB32CAB0508381DFD314DF28D884A2BBBE5BB9A350F145E2CF9D59B292D335D909CB92
                                                                                                                              Function 00543BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($;z$p$ss
                                                                                                                              • API String ID: 0-2391135358
                                                                                                                              • Opcode ID: 457a6ea3647d2aceae9c4242ff60e466e471fb03a29edc5fdcd3c252c5b40cce
                                                                                                                              • Instruction ID: a0bda657aaca9bdc6195e33f9eeebd4464b91327bf265cb6dbf08a389432906c
                                                                                                                              • Opcode Fuzzy Hash: 457a6ea3647d2aceae9c4242ff60e466e471fb03a29edc5fdcd3c252c5b40cce
                                                                                                                              • Instruction Fuzzy Hash: 85025BB4810B00AFD760DF24D986756BFF5FB05304F50895DE89A9B696E330E819CFA2
                                                                                                                              Function 00552260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: a|$hu$lc$sj
                                                                                                                              • API String ID: 0-3748788050
                                                                                                                              • Opcode ID: 118e4a732a8c704936949fd2cad1992085584011d3ad60b654586f0bcf017d0e
                                                                                                                              • Instruction ID: e385a9f5414fe5290d05c0bc6fa3b0e23b970f6f803da35d680db1856a784888
                                                                                                                              • Opcode Fuzzy Hash: 118e4a732a8c704936949fd2cad1992085584011d3ad60b654586f0bcf017d0e
                                                                                                                              • Instruction Fuzzy Hash: 86A1AE74408341CBC720DF18C8A1A2BBBF0FF96355F588A0DE8D99B291E335D949CB96
                                                                                                                              Function 0055D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #'$CV$KV$T>
                                                                                                                              • API String ID: 0-95592268
                                                                                                                              • Opcode ID: e64968e99c7d08d7e1b0d4d709b2e37daabd430567653a8b6f215f9e792c63ca
                                                                                                                              • Instruction ID: 9281ca54ffb9e606eeebd373b48253c6109593452dc67afaa40508be61ef1eb0
                                                                                                                              • Opcode Fuzzy Hash: e64968e99c7d08d7e1b0d4d709b2e37daabd430567653a8b6f215f9e792c63ca
                                                                                                                              • Instruction Fuzzy Hash: 458156B48017469BCB20DF95D28515EBFB1FF12301F605A0DE8866BB55D330AA59CFE2
                                                                                                                              Function 0055AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                              • API String ID: 0-1327526056
                                                                                                                              • Opcode ID: c04948da48aaae972f6372a2d7dc8161db128837736f1327c8420f222156a3a3
                                                                                                                              • Instruction ID: 3907a2ce144d64865d7fc8c71dcec197fa4be9dccdce89854c662013cf65fe9b
                                                                                                                              • Opcode Fuzzy Hash: c04948da48aaae972f6372a2d7dc8161db128837736f1327c8420f222156a3a3
                                                                                                                              • Instruction Fuzzy Hash: 9C41A974408382CBD7209F20D804BABBBF4FF86306F54995EE9C8A7210DB31D949DB96
                                                                                                                              Function 0055C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($%*+($~/i!
                                                                                                                              • API String ID: 0-4033100838
                                                                                                                              • Opcode ID: 6853c8584a52a6848a37a4c2e50e277073156355d74459c47c837af56273dea0
                                                                                                                              • Instruction ID: 20385d2e0fe721bc21411fd8ee75f8d674a2bce327cc9ba30e89c60bcd1c6c8c
                                                                                                                              • Opcode Fuzzy Hash: 6853c8584a52a6848a37a4c2e50e277073156355d74459c47c837af56273dea0
                                                                                                                              • Instruction Fuzzy Hash: 48E1B6B1508340DFE3209F25D881B2EBBF9FB95341F48882DE9C99B251E731D819CB92
                                                                                                                              Function 00538590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: )$)$IEND
                                                                                                                              • API String ID: 0-588110143
                                                                                                                              • Opcode ID: c53886fb229082bd32f500fa39649a9cb2f597ddf9f93c3a77b929524a05918e
                                                                                                                              • Instruction ID: 0fd9a3459cc112eff52816497a89222836aa98821a21daab36be783e5175c2e4
                                                                                                                              • Opcode Fuzzy Hash: c53886fb229082bd32f500fa39649a9cb2f597ddf9f93c3a77b929524a05918e
                                                                                                                              • Instruction Fuzzy Hash: DBE1BFB1A087069FE314CF29C88572ABFE0BB94314F14492DF59997381DB75E914CBC2
                                                                                                                              Function 006FD741 Relevance: 4.1, Strings: 2, Instructions: 1622COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ->$:KQN
                                                                                                                              • API String ID: 0-101403250
                                                                                                                              • Opcode ID: 4fc89ea56c8e38f68a7c7c2c47d11ec331894a494855374b3ad8b908ec1b6cbd
                                                                                                                              • Instruction ID: f06722dfde604b892b5ee0da9d63c28f39d373f81f39675114ededa35d7036e2
                                                                                                                              • Opcode Fuzzy Hash: 4fc89ea56c8e38f68a7c7c2c47d11ec331894a494855374b3ad8b908ec1b6cbd
                                                                                                                              • Instruction Fuzzy Hash: A7B225F360C2049FE304AE2DEC8567ABBE9EF94320F1A493DE6C5C3744EA7558018697
                                                                                                                              Function 006FBCBF Relevance: 4.1, Strings: 2, Instructions: 1603COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ";$QY]
                                                                                                                              • API String ID: 0-3699818607
                                                                                                                              • Opcode ID: 60f6ee8a6ecc20404847a5c64f700e8a6c56fe5f635f1dadf24deb7b87516e4a
                                                                                                                              • Instruction ID: 5d5ed8ae2ffc0cc4778022504f0605c9f61d27db6d7109a55f7f9d0917f493d7
                                                                                                                              • Opcode Fuzzy Hash: 60f6ee8a6ecc20404847a5c64f700e8a6c56fe5f635f1dadf24deb7b87516e4a
                                                                                                                              • Instruction Fuzzy Hash: 4AB2E3F3A082009FE304AE29EC8567AFBE5EFD4720F1A493DE6C4C7744E63598458697
                                                                                                                              Function 005C3CDD Relevance: 4.0, Strings: 3, Instructions: 232COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (7h$3*+$`3Wk
                                                                                                                              • API String ID: 0-3618448420
                                                                                                                              • Opcode ID: 196962ef0bc93a0a76cab2516697296a154cf72c25e69d325c8d3673d4a261f0
                                                                                                                              • Instruction ID: 7d367a52c9de5d498396e0a9c2caddafb738063fffe256c399c248a34b6a43fc
                                                                                                                              • Opcode Fuzzy Hash: 196962ef0bc93a0a76cab2516697296a154cf72c25e69d325c8d3673d4a261f0
                                                                                                                              • Instruction Fuzzy Hash: E16138B3A0C2105FE718AA2DEC557BAB7DADFC4360F19853DE6C5C3740E97948018296
                                                                                                                              Function 006E5297 Relevance: 3.9, Strings: 3, Instructions: 185COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !P]u$q>8o$.ow
                                                                                                                              • API String ID: 0-2640608127
                                                                                                                              • Opcode ID: f60c806888be12e35b5e161b8ced85b3031e6dff5e3f426c7578002076b62292
                                                                                                                              • Instruction ID: 3a06203a4f50783078cd307c05bb866e0f22df34db59772d8892dd8ce62812a2
                                                                                                                              • Opcode Fuzzy Hash: f60c806888be12e35b5e161b8ced85b3031e6dff5e3f426c7578002076b62292
                                                                                                                              • Instruction Fuzzy Hash: 8E5137F3E082105FE3085A28EC5573AB3DAEBD4360F2B453EE989D7384ED766C058685
                                                                                                                              Function 00574040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($f
                                                                                                                              • API String ID: 0-2038831151
                                                                                                                              • Opcode ID: 5214bd97582c3c9464762974290ab25b562e9102ab53ac6731c33e53361bc74c
                                                                                                                              • Instruction ID: bc3a354cf52b4cefa0f57aca3d1afc6350e7c83af9e515008cafcbaca03924e8
                                                                                                                              • Opcode Fuzzy Hash: 5214bd97582c3c9464762974290ab25b562e9102ab53ac6731c33e53361bc74c
                                                                                                                              • Instruction Fuzzy Hash: 38129B715083419FC714DF18E880A2EBBE6FBC9314F58CA2CE4999B291D731D945EF92
                                                                                                                              Function 0056F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: dg$hi
                                                                                                                              • API String ID: 0-2859417413
                                                                                                                              • Opcode ID: 8cdfa1074cf96dd96197534a6a3728f283472cb9d37cfbbe97eb84c6fdf84993
                                                                                                                              • Instruction ID: 259aaeabfe870a0a6b78f95b4bcb72454190b7d61e4f775784dc0849f2c65e66
                                                                                                                              • Opcode Fuzzy Hash: 8cdfa1074cf96dd96197534a6a3728f283472cb9d37cfbbe97eb84c6fdf84993
                                                                                                                              • Instruction Fuzzy Hash: C0F18471A18341EFE304CF24D895B2ABBE6FF96344F14992CF5859B2A1C738D845CB52
                                                                                                                              Function 005335B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Inf$NaN
                                                                                                                              • API String ID: 0-3500518849
                                                                                                                              • Opcode ID: faad553d5ad94bf1d17eb519d27997c4e4da39a914d51dee908658d93de24c38
                                                                                                                              • Instruction ID: cf107ffdde757d4554984dff13924dfbb5324916f1a1737c52496eb819d54a7b
                                                                                                                              • Opcode Fuzzy Hash: faad553d5ad94bf1d17eb519d27997c4e4da39a914d51dee908658d93de24c38
                                                                                                                              • Instruction Fuzzy Hash: AAD1E4B2A083119BC704CF29C88061EFBE1FFC8750F158A2DF999973A0E675DD459B82
                                                                                                                              Function 00700DEE Relevance: 2.9, Strings: 1, Instructions: 1649COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 7=
                                                                                                                              • API String ID: 0-363317111
                                                                                                                              • Opcode ID: 8c75914727537c0edbe750ec57abce10f97ef4034a846108501ee0ae5271c10d
                                                                                                                              • Instruction ID: 841a6f9ae6a12f6c109dd4924277750a58def1945dc67140224171bd61e3b2c8
                                                                                                                              • Opcode Fuzzy Hash: 8c75914727537c0edbe750ec57abce10f97ef4034a846108501ee0ae5271c10d
                                                                                                                              • Instruction Fuzzy Hash: 7BB20AF3A082009FE304AE2DEC4567AB7EAEFD4720F1A853DE6C4C7744EA7558058697
                                                                                                                              Function 00707A14 Relevance: 2.9, Strings: 1, Instructions: 1639COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !ew
                                                                                                                              • API String ID: 0-4092875556
                                                                                                                              • Opcode ID: dd88e6b72eb9616ca1fba3323be9a08f1107905ab63dd4fe4fcc4f529bb4aba6
                                                                                                                              • Instruction ID: e3272f434d8cddb9b2875b1857958ad0ab7b55e5099f657928255d18222c8fda
                                                                                                                              • Opcode Fuzzy Hash: dd88e6b72eb9616ca1fba3323be9a08f1107905ab63dd4fe4fcc4f529bb4aba6
                                                                                                                              • Instruction Fuzzy Hash: 11B227F3A0C2149FE3046E2DEC8567AFBE9EF94320F16493DEAC487744EA3558058693
                                                                                                                              Function 00673B62 Relevance: 2.7, Strings: 2, Instructions: 199COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: <Y{d$<Y{d
                                                                                                                              • API String ID: 0-1923799174
                                                                                                                              • Opcode ID: 1ffbe876a11943575953c504c3ba2aaf0973ceb7208aee4bb560b0a0f1af9b62
                                                                                                                              • Instruction ID: 0c5707ff90598ec3a156b650fd8c543dfea2513788b0d951a097be98ceb318e2
                                                                                                                              • Opcode Fuzzy Hash: 1ffbe876a11943575953c504c3ba2aaf0973ceb7208aee4bb560b0a0f1af9b62
                                                                                                                              • Instruction Fuzzy Hash: 3D5171B360C6009FE314AE29DD8577EF7E5EF98320F16892DE6C4D7740EA3498448B96
                                                                                                                              Function 0054FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BaBc$Ye[g
                                                                                                                              • API String ID: 0-286865133
                                                                                                                              • Opcode ID: a7c4662286bed6a54ea458346522079f0dad9a0f00f8c5bbfe80b7c6efbc9b6e
                                                                                                                              • Instruction ID: 9d0d9b480d3a84bebee88f6e7de50c482ffcde9286db2dabdd4cb2906e0061a5
                                                                                                                              • Opcode Fuzzy Hash: a7c4662286bed6a54ea458346522079f0dad9a0f00f8c5bbfe80b7c6efbc9b6e
                                                                                                                              • Instruction Fuzzy Hash: 0551CE716083818BC731CF14C895BABBBE0FF96311F485D1EE8998B691E3749948CB57
                                                                                                                              Function 00706B5D Relevance: 1.8, Strings: 1, Instructions: 591COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Je8y
                                                                                                                              • API String ID: 0-2780240877
                                                                                                                              • Opcode ID: 32bc550fce1a9acb63616a6d4c31186473e63282c9760b0dcfae150c74f3bb91
                                                                                                                              • Instruction ID: eefb92f0c7382850c47e00716d7d294d523a63fda890c0f55ee2b180f0d2ca26
                                                                                                                              • Opcode Fuzzy Hash: 32bc550fce1a9acb63616a6d4c31186473e63282c9760b0dcfae150c74f3bb91
                                                                                                                              • Instruction Fuzzy Hash: E1022AF3A086049FE3046E29EC8567AFBE9EFD4320F16863DEAC493744E93558058697
                                                                                                                              Function 00535160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %1.17g
                                                                                                                              • API String ID: 0-1551345525
                                                                                                                              • Opcode ID: 41864706ce6de7eec49d17e8a1e1b2ad74df1096a5b9f34534f2e950179bc225
                                                                                                                              • Instruction ID: 99e58dd68ea79dfc2917beb9bd9f63ae1e0c4dd3606065e608e3307b84d95c5c
                                                                                                                              • Opcode Fuzzy Hash: 41864706ce6de7eec49d17e8a1e1b2ad74df1096a5b9f34534f2e950179bc225
                                                                                                                              • Instruction Fuzzy Hash: 8E22C3B6A08B428BE7158E18D540326BFA2FFE0344F2DA96DD8998B351F771DC45C781
                                                                                                                              Function 005612D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "
                                                                                                                              • API String ID: 0-123907689
                                                                                                                              • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                              • Instruction ID: 7c3f5c9d65cf63800297aad2de6e45c057b0bc687ee9f22d6b539d718e2432d7
                                                                                                                              • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                              • Instruction Fuzzy Hash: B5F10271A087414FC724CE29C494A3BBFE6BBC5354F1CC96DE89A8B382DA34DD058796
                                                                                                                              Function 0055AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: d96c0cdf4f69fb8ced6901756258cfbedcd947d23707f334505eafe0cda07e5c
                                                                                                                              • Instruction ID: 80c2560a490e2cd90d9abe68266f9c3a32d7bcec1661d1bbe09c66b83518e44f
                                                                                                                              • Opcode Fuzzy Hash: d96c0cdf4f69fb8ced6901756258cfbedcd947d23707f334505eafe0cda07e5c
                                                                                                                              • Instruction Fuzzy Hash: BFE1DA35508706CBD310DF28C8A456EBBE2FFA8782F558D1DE8C597260E330A959DB82
                                                                                                                              Function 00546EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: caaef6d0c3db46d6824f0edfc1be4c7fc21373cb3b3fc97b539b7bb712e63227
                                                                                                                              • Instruction ID: a1c15be492014187b1082e40cd1cb49df3a6cca54a8e5cc3b41bcbd4f6c7de89
                                                                                                                              • Opcode Fuzzy Hash: caaef6d0c3db46d6824f0edfc1be4c7fc21373cb3b3fc97b539b7bb712e63227
                                                                                                                              • Instruction Fuzzy Hash: E9F1C1B5A00702CFC724DF24E881A66BBF6FF99318B14892DD49B87691EB30F855DB41
                                                                                                                              Function 00557E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 98d2644b8f08f593ed9b22586cac377674c3d9ee6b18fb2f0123189b146e37bc
                                                                                                                              • Instruction ID: ce39aa3b3b0b50636f11d1a3f374260e8198d088cd9211397e7b2452b83d7387
                                                                                                                              • Opcode Fuzzy Hash: 98d2644b8f08f593ed9b22586cac377674c3d9ee6b18fb2f0123189b146e37bc
                                                                                                                              • Instruction Fuzzy Hash: E9C1DF75508301ABD710EB14D8A2A3BBBF5FF95355F088819F8C5AB251E734EC09DBA2
                                                                                                                              Function 00558D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 825ed1cc329ad6c1a43fe50b7f9ee725b887758799cd2f6d097d1c27aee50803
                                                                                                                              • Instruction ID: 5ce8ecf29d2e69e716e51a997917265d1e697671a4af80395b6334c53ea2cbe5
                                                                                                                              • Opcode Fuzzy Hash: 825ed1cc329ad6c1a43fe50b7f9ee725b887758799cd2f6d097d1c27aee50803
                                                                                                                              • Instruction Fuzzy Hash: FED1FF70609302DFD744DF68DC90A2ABBE5FF98301F49986DE886E7291E734E808DB51
                                                                                                                              Function 00544487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BIT
                                                                                                                              • API String ID: 0-3252871453
                                                                                                                              • Opcode ID: 4f088db275ae0281147a920004dde3c5d2525048038d26bc22506453e6569a81
                                                                                                                              • Instruction ID: 9096df0bd7823c521e1282d7c3f73b72d7043351ef355b6a50fa2316211c2a74
                                                                                                                              • Opcode Fuzzy Hash: 4f088db275ae0281147a920004dde3c5d2525048038d26bc22506453e6569a81
                                                                                                                              • Instruction Fuzzy Hash: A6E1FFB5501B008FD365CF28E996B97BBE1FF46708F04886CE4AACB752E735B8148B54
                                                                                                                              Function 00577FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: P
                                                                                                                              • API String ID: 0-3110715001
                                                                                                                              • Opcode ID: 0923c6bd3da615bdb57e148ec4fe4591440f3f5e200e18dbd25fd54d4aef1e68
                                                                                                                              • Instruction ID: 73a39e591d820533da41916f89cc3daf424eee7465c451823242d501383d4e44
                                                                                                                              • Opcode Fuzzy Hash: 0923c6bd3da615bdb57e148ec4fe4591440f3f5e200e18dbd25fd54d4aef1e68
                                                                                                                              • Instruction Fuzzy Hash: 7BD1E6329482614FC725CE18E89472EBAE1FB84758F15CA2CE8B9AB381DB71DC05D7D1
                                                                                                                              Function 00576CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "pW
                                                                                                                              • API String ID: 0-515438141
                                                                                                                              • Opcode ID: 5279c5f0f8cb927110bbb2fdf783c7d39119c71660fc2b4bfa55cdc7f72b9bb4
                                                                                                                              • Instruction ID: 8d7f03cb4e887b1fea34cd54bbeaf182772804afd0dbd0d2476f9d0d7b0217ad
                                                                                                                              • Opcode Fuzzy Hash: 5279c5f0f8cb927110bbb2fdf783c7d39119c71660fc2b4bfa55cdc7f72b9bb4
                                                                                                                              • Instruction Fuzzy Hash: B8D1DF36618755CFC714CF38E88052ABBE1BF99314F098A6CE895E7391D330DA48DB91
                                                                                                                              Function 0055CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 2994545307-3233224373
                                                                                                                              • Opcode ID: 717f409aab96266fb819588cbb5f00f24c731e3701fd9d76ed7e02d944591162
                                                                                                                              • Instruction ID: 572b04e4e16b81a41e7693b25262b69b4b835fbdb0cca3c1dd3abf684c2edd40
                                                                                                                              • Opcode Fuzzy Hash: 717f409aab96266fb819588cbb5f00f24c731e3701fd9d76ed7e02d944591162
                                                                                                                              • Instruction Fuzzy Hash: FEB1FF715083018FD714DF14D8A1A2BBFF6FF95342F14482EE9859B292E335E858CBA2
                                                                                                                              Function 0064FA98 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: z~?v
                                                                                                                              • API String ID: 0-2584814731
                                                                                                                              • Opcode ID: d04f1aca3e55cd9121366dd8629815810b1f809bd11900d6cc6e0ae763178c1c
                                                                                                                              • Instruction ID: fc20e81b99c90351c33c23ab6a519af949b2a71eaedf8feeb2985bd6b9b7cb74
                                                                                                                              • Opcode Fuzzy Hash: d04f1aca3e55cd9121366dd8629815810b1f809bd11900d6cc6e0ae763178c1c
                                                                                                                              • Instruction Fuzzy Hash: 608127F3E192105BE304A93DDC4576AB6DADBD4320F2B853DAAC8D7B84FD39890542C6
                                                                                                                              Function 0053A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ,
                                                                                                                              • API String ID: 0-3772416878
                                                                                                                              • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                              • Instruction ID: b866c956e975320d9337d9327b401f6bd497319c5b96bb5beec178bf567a8b8b
                                                                                                                              • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                              • Instruction Fuzzy Hash: D1B116712083819FD325CF28C89061BFFE1AFA9704F448A2DE5D997342D671EA18CB67
                                                                                                                              Function 0056FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: f2e275ed3b33ea6474806d8c3fc899bcc58fd8a1c36848aa36c7b4a9663a4579
                                                                                                                              • Instruction ID: e20cc438e6628b35103c731055a95bf37f60d0903c9c3344b8393cceecde0211
                                                                                                                              • Opcode Fuzzy Hash: f2e275ed3b33ea6474806d8c3fc899bcc58fd8a1c36848aa36c7b4a9663a4579
                                                                                                                              • Instruction Fuzzy Hash: 7481DE70508301EBD710DF54E885A2EBBF5FB99741F04982CF6C997251E731E818EB62
                                                                                                                              Function 0054D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: f92e04fe0b01e1fc1d0dca2e85330dec589eb3470e8ccd179f705145ad07c44a
                                                                                                                              • Instruction ID: 4377c6fb3e832230c7ebd02c9abac3ccab3d3cb8a8e73afe2633e18e579321b2
                                                                                                                              • Opcode Fuzzy Hash: f92e04fe0b01e1fc1d0dca2e85330dec589eb3470e8ccd179f705145ad07c44a
                                                                                                                              • Instruction Fuzzy Hash: F861F372908205DBD710EF18DC46ABABBB0FF95358F08582CF9859B391E731D914D7A2
                                                                                                                              Function 00574A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: ed2db71e8eea74910a151bd3d0657296f0465edd6e616afb44463eb7c5610b0e
                                                                                                                              • Instruction ID: 97a2cf9d103eb5ce90893f98b7aff1d8ddf51f03b251328fc4ea8562088338e4
                                                                                                                              • Opcode Fuzzy Hash: ed2db71e8eea74910a151bd3d0657296f0465edd6e616afb44463eb7c5610b0e
                                                                                                                              • Instruction Fuzzy Hash: 9161CF716083019BDB119F15E880B2ABBEAFBC4310F58C91CE98D87261D771EC04EF92
                                                                                                                              Function 0053E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0053E333
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                              • API String ID: 0-2471034898
                                                                                                                              • Opcode ID: a4e583a74f89152def61b801015efebdd17c873e90ebcca54d095e6af9035010
                                                                                                                              • Instruction ID: ff0eaefd2c9a599ca137623e943d796860fd8bd844e2921c1271e7d580ce88d9
                                                                                                                              • Opcode Fuzzy Hash: a4e583a74f89152def61b801015efebdd17c873e90ebcca54d095e6af9035010
                                                                                                                              • Instruction Fuzzy Hash: EF514437A196904BD329893C5C522AA6FC72FE2334F2D8B69E9F58B3E0D51588049390
                                                                                                                              Function 00573920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 4b2c39c8df3e1177d94c56b3527e0786d6d332a33ec649ed6c9057346709951d
                                                                                                                              • Instruction ID: a078058b510144392a63c3dbeefe9a9551d4dccda81fd16dfbb0c32a2c4d8842
                                                                                                                              • Opcode Fuzzy Hash: 4b2c39c8df3e1177d94c56b3527e0786d6d332a33ec649ed6c9057346709951d
                                                                                                                              • Instruction Fuzzy Hash: 0C519E706092019BCB24DF19E885A2ABFE5FB85764F18C82CE4CA97251D372DD10FB62
                                                                                                                              Function 00541BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: L3
                                                                                                                              • API String ID: 0-2730849248
                                                                                                                              • Opcode ID: b2e761d1fbaae9901a7f23c2b32f7a25a00d9673f5f90928234dcff0e89ebc6a
                                                                                                                              • Instruction ID: 03b51cb3af1a81e7e1dbf6ea0704afe17e9c940e3155b4eff9474529a72b3706
                                                                                                                              • Opcode Fuzzy Hash: b2e761d1fbaae9901a7f23c2b32f7a25a00d9673f5f90928234dcff0e89ebc6a
                                                                                                                              • Instruction Fuzzy Hash: A04160B44083819BC7149F24D894A6FBBF0BF86318F04991CF9C59B291E736CA45CB5A
                                                                                                                              Function 0056FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 9b74b3680fc569405f925e7dbe37ebbd6f8a41b2ee18d4e3faab8965aab6fd15
                                                                                                                              • Instruction ID: c8856514cac74a52faf2dac46ebcf832e2d4c29b45bed9f45d2f111315634c4d
                                                                                                                              • Opcode Fuzzy Hash: 9b74b3680fc569405f925e7dbe37ebbd6f8a41b2ee18d4e3faab8965aab6fd15
                                                                                                                              • Instruction Fuzzy Hash: 7831D575904305EBD610EA14EC49B2BBBE8FB85754F949828F889D7292E221DC14E762
                                                                                                                              Function 0055E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 72?1
                                                                                                                              • API String ID: 0-1649870076
                                                                                                                              • Opcode ID: c31a234826113b6caf6a022a49b7175baf9094299cb87e9774116073dbd69023
                                                                                                                              • Instruction ID: abee931ce553ed37384e611519fea2c72295420256485469691f0cec28b2d220
                                                                                                                              • Opcode Fuzzy Hash: c31a234826113b6caf6a022a49b7175baf9094299cb87e9774116073dbd69023
                                                                                                                              • Instruction Fuzzy Hash: 193106B5900645CFC720DF94E89156FBFB5FB5A345F140859E846AB301C331AE09DBA1
                                                                                                                              Function 00546F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 34fbc10fd098a567dc28b877148b214597cc0d8a95829a62bf720bdf285737ca
                                                                                                                              • Instruction ID: 65cdab9b75d3055845fc73057a503cb1e5806eac1c3b1643ef46b29168368ea5
                                                                                                                              • Opcode Fuzzy Hash: 34fbc10fd098a567dc28b877148b214597cc0d8a95829a62bf720bdf285737ca
                                                                                                                              • Instruction Fuzzy Hash: 55415975205B04DBD734CB61D998B26BBF2FB4D708F148818E98B9B6A1E331F8009F10
                                                                                                                              Function 0055E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 72?1
                                                                                                                              • API String ID: 0-1649870076
                                                                                                                              • Opcode ID: 4dbcdb981d00d772c7be861f7e8f9c554e4a88deb770abeaca5b11b9db568644
                                                                                                                              • Instruction ID: 8ee57050d081e0ef6f74fb44e69c69cb6da8870cbebe5f6733450b1c9e40ea0d
                                                                                                                              • Opcode Fuzzy Hash: 4dbcdb981d00d772c7be861f7e8f9c554e4a88deb770abeaca5b11b9db568644
                                                                                                                              • Instruction Fuzzy Hash: 362100B1900645CFC720CF94E89196FBFB9FB5A341F18085DE846AB301C335AE09DBA6
                                                                                                                              Function 00579CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                              • Opcode ID: ca64ed6710ba94d9dbcb429cfacb20b62efb521ebb60cba45b1ceb217faa18a5
                                                                                                                              • Instruction ID: 4d9e2450226f2b7e744d13135105665e22dd9656e8aac0016e71e8c6b00efdeb
                                                                                                                              • Opcode Fuzzy Hash: ca64ed6710ba94d9dbcb429cfacb20b62efb521ebb60cba45b1ceb217faa18a5
                                                                                                                              • Instruction Fuzzy Hash: 0C3178705083009BD320EF14E880A2AFBF9FF9A354F54D92CE5C997251E335D904DBA6
                                                                                                                              Function 0066E20D Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RYoc
                                                                                                                              • API String ID: 0-368265856
                                                                                                                              • Opcode ID: e5eb45ede913752d1dd520990e1b43bd8714a52c165ea3fccdda3d32f41d9b1e
                                                                                                                              • Instruction ID: caa2e8e5fe7670e4b4ec603020bd232a9ffde8beeeafc21b705527ad003936bb
                                                                                                                              • Opcode Fuzzy Hash: e5eb45ede913752d1dd520990e1b43bd8714a52c165ea3fccdda3d32f41d9b1e
                                                                                                                              • Instruction Fuzzy Hash: 042107F3A497015BF3405879ECC9766B6DBDBD5325F2F8439A688D3788E87888024296
                                                                                                                              Function 007A9892 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: PAvs
                                                                                                                              • API String ID: 0-729336255
                                                                                                                              • Opcode ID: 1c26bc8cb431389015372e0327fe69705865dac3e160b209172c81065786ace4
                                                                                                                              • Instruction ID: 0564114187203d20939508ce09c90da6e66f8224839a41b83a57702099df074b
                                                                                                                              • Opcode Fuzzy Hash: 1c26bc8cb431389015372e0327fe69705865dac3e160b209172c81065786ace4
                                                                                                                              • Instruction Fuzzy Hash: 9F113DF311C308AFE35CAA59EC866B7B7D9EB44260F25452EE385C3740ED75640091DB
                                                                                                                              Function 00544E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b4e4f394845bfb954f44bc518d1994472d01b4e9da39411dd692f898fb35a75e
                                                                                                                              • Instruction ID: b705896b47deb6995101a589d61b381e07bcbb31c17af9be8a59d05dd19ac4a9
                                                                                                                              • Opcode Fuzzy Hash: b4e4f394845bfb954f44bc518d1994472d01b4e9da39411dd692f898fb35a75e
                                                                                                                              • Instruction Fuzzy Hash: 456257B4500B018FD725CF24D984B67BBF6BF5A708F54892CD49A8BA52E730F848CB91
                                                                                                                              Function 0053BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                              • Instruction ID: adbdf2ed2c01559a7ef6b08593a4d55ad9609d6184ad003352c30a248e8212fc
                                                                                                                              • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                              • Instruction Fuzzy Hash: 885208329087118BC725DF18D8442BBFBE1FFD5319F294A2DD9C6A7281E734A851CB86
                                                                                                                              Function 00578652 Relevance: .7, Instructions: 710COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 35ced9e820b7458f730c5923ed20aadf0d5754b155f8586b981c7d16c31cef31
                                                                                                                              • Instruction ID: 176b49d9fac56e6837ac1449b213d5c160d3f23aae4310dfcb7db3236cf3b7ae
                                                                                                                              • Opcode Fuzzy Hash: 35ced9e820b7458f730c5923ed20aadf0d5754b155f8586b981c7d16c31cef31
                                                                                                                              • Instruction Fuzzy Hash: E322CA35608342CFC704DF68E88462ABBF1FBA9315F09886DE98A97351D735D854EF42
                                                                                                                              Function 005786F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 28eb9b33366cea9d8dfa99a9e92755a64b7084a94681e749fdde6e5d241608f9
                                                                                                                              • Instruction ID: a44de7cac9fd5d257ca5bcbd2ff9012206fa8ff8af6375b05c1f9835d1dccb39
                                                                                                                              • Opcode Fuzzy Hash: 28eb9b33366cea9d8dfa99a9e92755a64b7084a94681e749fdde6e5d241608f9
                                                                                                                              • Instruction Fuzzy Hash: E922C935608342CFC704DF68E89462ABBF1FB9A305F09886DE88997352D735E854EF52
                                                                                                                              Function 0053B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 38cc4c70ab421d0ee8af2877caead61411d34e3bde2c5a9a36199e2e205962e7
                                                                                                                              • Instruction ID: 891f74cc5b47a58bd88c98f7083ca9f450803705175f922bb60b7ae6798f991b
                                                                                                                              • Opcode Fuzzy Hash: 38cc4c70ab421d0ee8af2877caead61411d34e3bde2c5a9a36199e2e205962e7
                                                                                                                              • Instruction Fuzzy Hash: F55270B0908B888FF735CB24C4847A7BFE2FB91314F144D2DC6E646A82D779A985CB51
                                                                                                                              Function 005371F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2ae9feae18856232732e3a15bdb081ca288824e77e2dc322917b537be72c7d54
                                                                                                                              • Instruction ID: d83523f3782f41ef43e97993faa1e0c39da8614bbb161393eb654e625c783642
                                                                                                                              • Opcode Fuzzy Hash: 2ae9feae18856232732e3a15bdb081ca288824e77e2dc322917b537be72c7d54
                                                                                                                              • Instruction Fuzzy Hash: 335292B190C3498FCB25CF19C0906AABFE1FF88314F198A6DE89957352D774E949CB81
                                                                                                                              Function 00538FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 243e4cc087036339d7ffdc190efc528b33cc51d45170c803d680c779d490f4be
                                                                                                                              • Instruction ID: 60c5f302c914e277246847480116a65cec4fd699d3d957323c81e0010bf6ed29
                                                                                                                              • Opcode Fuzzy Hash: 243e4cc087036339d7ffdc190efc528b33cc51d45170c803d680c779d490f4be
                                                                                                                              • Instruction Fuzzy Hash: 4D427975608301DFD714CF28E85175ABBE2BF88315F0988ACE4898B3A1D775D989EF42
                                                                                                                              Function 00537BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 03c751f8c6adf5caccb6bbf0b26648088c269bdbb9ba18cf224282629c77c7c2
                                                                                                                              • Instruction ID: 98b74c4bd2b797d8be76448bcd881ff9eca931eb6bf2ecb9f79b6fa256e10f7e
                                                                                                                              • Opcode Fuzzy Hash: 03c751f8c6adf5caccb6bbf0b26648088c269bdbb9ba18cf224282629c77c7c2
                                                                                                                              • Instruction Fuzzy Hash: 303202B0914B158FC378CE29C59052ABBF1BF49710BA44A2EE6A787B91D736F845CB10
                                                                                                                              Function 005789A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 04cdd11d1442b048bf3293ab7c3f56396b0ea34cca6c6ec026f16f27d0859085
                                                                                                                              • Instruction ID: 55c31305d3a57a95dc609ce60056cf331e1bbad6e3670ba14cc0adf7a6407461
                                                                                                                              • Opcode Fuzzy Hash: 04cdd11d1442b048bf3293ab7c3f56396b0ea34cca6c6ec026f16f27d0859085
                                                                                                                              • Instruction Fuzzy Hash: BF02A83460C342DFC704DF68E88062ABBF1FB9A305F09896DE88997262D735D854DB92
                                                                                                                              Function 00578A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cfb5765881a859f9a91fff84492c4669ab23b7c6b9b77ab11c6fd37791f43c1
                                                                                                                              • Instruction ID: 1c1fdab0269330890b5d6256e2f691f0d0a48b2c390610b6149bb24d69b59c46
                                                                                                                              • Opcode Fuzzy Hash: 0cfb5765881a859f9a91fff84492c4669ab23b7c6b9b77ab11c6fd37791f43c1
                                                                                                                              • Instruction Fuzzy Hash: 5EF1893460C341DFC704EF28E88462EBBE1BB9A305F098D2DE8C997252D736D954DB92
                                                                                                                              Function 00578C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de62aa62efd09a432287193854bdebbb33c0e32cc4148b439d4133db566622a2
                                                                                                                              • Instruction ID: 98021ff7faa53e0fd1ac32e6962a3024595775c0845db5462894d9b27ff0c00e
                                                                                                                              • Opcode Fuzzy Hash: de62aa62efd09a432287193854bdebbb33c0e32cc4148b439d4133db566622a2
                                                                                                                              • Instruction Fuzzy Hash: EBE1AC3561C341CFC704DF28E88062ABBF2BB9A315F09896CE8D997351D736D914DB92
                                                                                                                              Function 0053A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                              • Instruction ID: 8b8e8de4c2c8a89c9ea065c7d5157ecc5c7908d7b64ad9f9fa037ec7cfb08920
                                                                                                                              • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                              • Instruction Fuzzy Hash: EEF18A766087418FD724CF29C88166BFBE6BFD8300F08882DE4D587752E639E945CB96
                                                                                                                              Function 00578E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fcbf207546dbd2b75cc04c7ed2a61835b90dae3f81030aa63dc8a3c9a5be8dcb
                                                                                                                              • Instruction ID: 3b62f3e5e1f135787f99c284392ab8200232e8c5dd7c19f294c7eefa627a6d3e
                                                                                                                              • Opcode Fuzzy Hash: fcbf207546dbd2b75cc04c7ed2a61835b90dae3f81030aa63dc8a3c9a5be8dcb
                                                                                                                              • Instruction Fuzzy Hash: A4D18B3460C281DFD704EF28E88462EBBF5FB9A305F09896DE8C997252D736D814DB52
                                                                                                                              Function 00577AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 69fee025a59a4826c07d27196e09ee8b0f29b11fbdcb009f0316d8021955f186
                                                                                                                              • Instruction ID: 96448cd6110f6fe9f35752cba5efb05313ddb6e6b3944c01ec20056b16e8f81f
                                                                                                                              • Opcode Fuzzy Hash: 69fee025a59a4826c07d27196e09ee8b0f29b11fbdcb009f0316d8021955f186
                                                                                                                              • Instruction Fuzzy Hash: 73B11772A083544BD724DA28EC45B6BBBE9FBC8314F08896CE99DD7381E631DC049792
                                                                                                                              Function 0053AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                              • Instruction ID: 3c778312f502d0868ec3d35d330375398bd76537879873e20e5bdfed893a6629
                                                                                                                              • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                              • Instruction Fuzzy Hash: 27C15E72A087418FD360CF68DC967ABBBF1BF85318F08492DD2D9C6242E778A155CB46
                                                                                                                              Function 00546536 Relevance: .3, Instructions: 295COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b6af5b7bcd75a19610d66a4ce63e0f78e0e2956ff439682e8710ce0cf298877c
                                                                                                                              • Instruction ID: 54919bca780e2048347bdd723438269ca37bd720242c5f8c2ab4d428a92e774e
                                                                                                                              • Opcode Fuzzy Hash: b6af5b7bcd75a19610d66a4ce63e0f78e0e2956ff439682e8710ce0cf298877c
                                                                                                                              • Instruction Fuzzy Hash: D5B1FFB4600B408BD3258F24D985BA7BBF1BF46708F54885CE8AA8BA52E735F805CB55
                                                                                                                              Function 00577710 Relevance: .3, Instructions: 287COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 8d9f00a407163cd535a3cd3a8695d935bd380077264032cb1c04da1dbc5e779d
                                                                                                                              • Instruction ID: 54cedcef24f1b42cb5d41a101f443c79c1ff6985d3fa57f733fa752c9cbb62ee
                                                                                                                              • Opcode Fuzzy Hash: 8d9f00a407163cd535a3cd3a8695d935bd380077264032cb1c04da1dbc5e779d
                                                                                                                              • Instruction Fuzzy Hash: 08919B71608305ABE720DB14F844B6BBBE6FB89354F54C81CF99997352E730E940EB92
                                                                                                                              Function 0057A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c7b023e36da934319db3af2a78ab502ef9b21459ee0ff1acac03c4ec31769e8b
                                                                                                                              • Instruction ID: b0c3d97443442c487c9ab878da43d511f9d82539777a6b6ef3c1da263946f587
                                                                                                                              • Opcode Fuzzy Hash: c7b023e36da934319db3af2a78ab502ef9b21459ee0ff1acac03c4ec31769e8b
                                                                                                                              • Instruction Fuzzy Hash: B0817E342087018BD724DF28E880A2EBBE5FF95750F55C92CE98AC7252E731EC10DB92
                                                                                                                              Function 005664F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: be2a94c2ac0a2f6275b7bf604d764e929fee806db1f293e8f16b27e00e5818f7
                                                                                                                              • Instruction ID: 0c1a80ecdad9fa411a97849d17f48411be39dce0c5ddfb9042bed0936ee77135
                                                                                                                              • Opcode Fuzzy Hash: be2a94c2ac0a2f6275b7bf604d764e929fee806db1f293e8f16b27e00e5818f7
                                                                                                                              • Instruction Fuzzy Hash: BE71F433B29A904BC3148D3C9C82395AE936BE6334F3EC779A8B5CB3E5D6294C065351
                                                                                                                              Function 005528E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9c4ba8b7d17ddd020964507b559e19db533dc0d89075415177203f7262ba0875
                                                                                                                              • Instruction ID: 7174bd05019f654fb67e02131209ed272dc57f82eda1196bd1da6f7d48bbed54
                                                                                                                              • Opcode Fuzzy Hash: 9c4ba8b7d17ddd020964507b559e19db533dc0d89075415177203f7262ba0875
                                                                                                                              • Instruction Fuzzy Hash: F86187B44183408BD310EF59D861A2ABBF0FFA6751F08591EF8C59B261E339D918CB67
                                                                                                                              Function 00557C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 48268d2eeb26c5afc408b07deb2a4ffaed2f74becfb6d11708c5b450f728b693
                                                                                                                              • Instruction ID: 0aaee6e1b0a4fe81eec1c9fd29d708d897f6a31660cbf8fb57b9597dfdc5f773
                                                                                                                              • Opcode Fuzzy Hash: 48268d2eeb26c5afc408b07deb2a4ffaed2f74becfb6d11708c5b450f728b693
                                                                                                                              • Instruction Fuzzy Hash: 1751DFB06082089BDB209B24DCA6B773BB4FF89355F144959F9858B290F371EC08D762
                                                                                                                              Function 0061BB1B Relevance: .2, Instructions: 227COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 37504a2e6010acd7c175b7cb49710e98f4b6e9a2ebfcd925d831f5e7b409f2c8
                                                                                                                              • Instruction ID: f89473b7bea62ac2ddd81d578ef2d81373a273eb7801bf931b7c38ee1e1ec063
                                                                                                                              • Opcode Fuzzy Hash: 37504a2e6010acd7c175b7cb49710e98f4b6e9a2ebfcd925d831f5e7b409f2c8
                                                                                                                              • Instruction Fuzzy Hash: AE6129F350C3049BE318AE2DDD8563AF7D5EF84720F16863DE9C997740E93A68018696
                                                                                                                              Function 00561860 Relevance: .2, Instructions: 217COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                              • Instruction ID: 150327b2183e63e25cf6a3d3c184461e982af6cef1dc1bf98cb2cd5d2809213b
                                                                                                                              • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                              • Instruction Fuzzy Hash: 0661CC31A09B41ABD714CE68C58033EBFE2BBC5390F6CC92DE4898B351D670DD81978A
                                                                                                                              Function 005682D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b023ed1ee5eca3738b311309d14b00428484cf8001b0e7b365182b04082e8106
                                                                                                                              • Instruction ID: a415ec8ba7515826bb4b0f5a8acee4a95a4a5beaca3cc7e7fe0c77866ad5e306
                                                                                                                              • Opcode Fuzzy Hash: b023ed1ee5eca3738b311309d14b00428484cf8001b0e7b365182b04082e8106
                                                                                                                              • Instruction Fuzzy Hash: 06616933B5AA904BC324493D5C553BA6E836BE6334F3ECB6AD8F68B3E4CD6948055341
                                                                                                                              Function 006E229C Relevance: .2, Instructions: 213COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: afdb9a93d856666c972deb51e284f831b74a2ea19cda5cd1cf1bcb85ac9b9612
                                                                                                                              • Instruction ID: a820b46bf5dc8964924b294e2f0068bea94b29db2ba7e76a89971fd4d82f8c73
                                                                                                                              • Opcode Fuzzy Hash: afdb9a93d856666c972deb51e284f831b74a2ea19cda5cd1cf1bcb85ac9b9612
                                                                                                                              • Instruction Fuzzy Hash: AF5158F3A483085FE30C6D3DEC95776B7C6EBA4310F2A813EAB86977C4E87958054196
                                                                                                                              Function 005442FC Relevance: .2, Instructions: 206COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 947e5a158ef57b7d85cd0a423879e52d2d184c21566fcd337b60051b1e67fd5f
                                                                                                                              • Instruction ID: 0ad0660db805d00da24f6f36493f6542bdb49e8ed695414aac935dcbeb34b3e8
                                                                                                                              • Opcode Fuzzy Hash: 947e5a158ef57b7d85cd0a423879e52d2d184c21566fcd337b60051b1e67fd5f
                                                                                                                              • Instruction Fuzzy Hash: 8781D2B4810B00AFD360EF39D94B797BEF4BB06205F404A1DE4EA96655E7306459CBE2
                                                                                                                              Function 0056E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                              • Instruction ID: 9e9b3d7f529b2c9771303a254f75af926c9018dfcc616004bf5f1961e24b9ac1
                                                                                                                              • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                              • Instruction Fuzzy Hash: 0E517CB56097548FE314DF69D89535BBBE1BBC5318F044E2DE4E983350E379DA088B82
                                                                                                                              Function 00577520 Relevance: .2, Instructions: 176COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e68f48dce376f8e87c6ae757cc3e3256c0bf7e7d2d21344171ea9cd71f21061b
                                                                                                                              • Instruction ID: 42e69b42db7f43ce6d157987bbe1d856c2f06f7dfafacfb0fecf1e18971bd877
                                                                                                                              • Opcode Fuzzy Hash: e68f48dce376f8e87c6ae757cc3e3256c0bf7e7d2d21344171ea9cd71f21061b
                                                                                                                              • Instruction Fuzzy Hash: 7551E63160C2149BC7159E18FC90B2EBFE6FB89354F68CA2CE8D997391D631AC14E791
                                                                                                                              Function 00535A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8cd2f1473c240306f7274cb2c37352e607cde985fc584ce9e84c26b3a60a989a
                                                                                                                              • Instruction ID: 685fe718bd2089bada13117055f041bc687bbc0076eff995b56f93722697aee5
                                                                                                                              • Opcode Fuzzy Hash: 8cd2f1473c240306f7274cb2c37352e607cde985fc584ce9e84c26b3a60a989a
                                                                                                                              • Instruction Fuzzy Hash: B051D375A047059FC714DF14C890926BFA1FF85328F595A6CE89A9B352E630EC42CB92
                                                                                                                              Function 006EF9CC Relevance: .1, Instructions: 147COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c3bbb1f0d4d807cb3282b0343e0c0e006f9ae850cf349cf3624867629ff815ed
                                                                                                                              • Instruction ID: e212850761a82e79ad00c9784b6dba87269eab40c1256f2fca16762071a6a05a
                                                                                                                              • Opcode Fuzzy Hash: c3bbb1f0d4d807cb3282b0343e0c0e006f9ae850cf349cf3624867629ff815ed
                                                                                                                              • Instruction Fuzzy Hash: 71519EB3F502254BF3544E28CC643A27292EB95314F2F817C8D896B7C5D97E6D0953C4
                                                                                                                              Function 0055EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1e6f78c0e4d3721875725fde773d3e416fb80190c45d1b17fef842b636ec8852
                                                                                                                              • Instruction ID: 2843348e7337561d6b98a4d6335ce41ae0625db6305aa12bf0feb7955ff584e9
                                                                                                                              • Opcode Fuzzy Hash: 1e6f78c0e4d3721875725fde773d3e416fb80190c45d1b17fef842b636ec8852
                                                                                                                              • Instruction Fuzzy Hash: 8241DF74900316DBCF248F54DC91BADBBB0FF0A301F044149E945BB3A0EB38AA55DB91
                                                                                                                              Function 00579B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd4302b583e70aea550c4d045bb52204ea56c461197c6d19029d669cf49b9478
                                                                                                                              • Instruction ID: 18f0fcd6ede0825cb4c9a3310626326e974be69256312bca8319133f862d74d1
                                                                                                                              • Opcode Fuzzy Hash: dd4302b583e70aea550c4d045bb52204ea56c461197c6d19029d669cf49b9478
                                                                                                                              • Instruction Fuzzy Hash: 1A417F74208300ABDB11DB15E990B2ABBFAFB95750F54C82CF98E97251D335EC00EB66
                                                                                                                              Function 00542030 Relevance: .1, Instructions: 136COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c6c49dd606d9bb9ecd2710ecfb6eaee848707574394f385b34e1a26ee75059a8
                                                                                                                              • Instruction ID: 1a6ff05dd3594d502df0e964aa8c1f1a2354954296439440da51b3ae235895fe
                                                                                                                              • Opcode Fuzzy Hash: c6c49dd606d9bb9ecd2710ecfb6eaee848707574394f385b34e1a26ee75059a8
                                                                                                                              • Instruction Fuzzy Hash: 5341E872A083654FD35CCE2A849427ABFE2BFC5300F49866EF4DA873D1DA748945D781
                                                                                                                              Function 00541E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f4d851563fb0ee45f8b7693b2c17e8daecf94ac7b5aec7e1911874442c5c896c
                                                                                                                              • Instruction ID: a138e611c505cb6603b2d9ce6707500f4e1282e908be5b7ec409d797fcdefe2c
                                                                                                                              • Opcode Fuzzy Hash: f4d851563fb0ee45f8b7693b2c17e8daecf94ac7b5aec7e1911874442c5c896c
                                                                                                                              • Instruction Fuzzy Hash: 2B410274508380ABD310AB54C888B1EFBF5FB96348F144D1CF6C497252C376D8588F6A
                                                                                                                              Function 00578D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 04b349c5e92398dc91d3b55389cdf396a40a6002d63660355085b8a674c04b83
                                                                                                                              • Instruction ID: 0cf3b51a92b2b435894cb3592139f1b04f743e158aa789c7fbbf49f66abd89c0
                                                                                                                              • Opcode Fuzzy Hash: 04b349c5e92398dc91d3b55389cdf396a40a6002d63660355085b8a674c04b83
                                                                                                                              • Instruction Fuzzy Hash: 3641CF3164C2518FC315DF68D49452EFFE6AF99300F198A2DE4D9DB2A2CB74DD018B82
                                                                                                                              Function 0054D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d5a6012733794895fce966f1d602e99a40112fe600fd489efed39b8697424a5e
                                                                                                                              • Instruction ID: c65a9ace1f3346dc467c1a67910adfa78357163c4c9d25817786c00d9335198f
                                                                                                                              • Opcode Fuzzy Hash: d5a6012733794895fce966f1d602e99a40112fe600fd489efed39b8697424a5e
                                                                                                                              • Instruction Fuzzy Hash: AC41CFB16483818BD7309F10C845BEFBBB0FFA6364F040958E98A9B7A1E7744844DB63
                                                                                                                              Function 0056F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                              • Instruction ID: 767dfe963340b8b89b33b4742069d3d243782e6eae15f69d1cce2a38e4c83d41
                                                                                                                              • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                              • Instruction Fuzzy Hash: C7212532D082244BC3249B19D48453AFBE4FB9A714F06962ED8C4A7296E7359C10C7E1
                                                                                                                              Function 005767EF Relevance: .1, Instructions: 101COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 29c4b597e69b46647b487cd9108d7e00f0b744098460c6f329ea5aa16429a3bc
                                                                                                                              • Instruction ID: 6e7eb183d56712600ff5b5e2767881a9c2e0ecc7ae79157e07df11bf813d8ba5
                                                                                                                              • Opcode Fuzzy Hash: 29c4b597e69b46647b487cd9108d7e00f0b744098460c6f329ea5aa16429a3bc
                                                                                                                              • Instruction Fuzzy Hash: 0F3113705183829AD714CF14D49162FBFF0BF96784F54A80DF4C8AB262D338D985DB9A
                                                                                                                              Function 00555E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0c35e163c07385e8b1429f0f834ea74d95f46f627a2b107c613b87deef92fadf
                                                                                                                              • Instruction ID: 873460d2119835305f9df2e73e425feb16625048ead523a8defffd732844be59
                                                                                                                              • Opcode Fuzzy Hash: 0c35e163c07385e8b1429f0f834ea74d95f46f627a2b107c613b87deef92fadf
                                                                                                                              • Instruction Fuzzy Hash: 5A21B5B05082019BC710AF18C86592BBBF8FF92756F44891DF8D59B291F334D908DBA3
                                                                                                                              Function 005349A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                              • Instruction ID: eb6df437ecc83fca55b4b80719c5c598ce447e1328422b54adc4fa0f54072229
                                                                                                                              • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                              • Instruction Fuzzy Hash: 0A31C8316482019BD7149E58D880A3BBFE2FFC8359F18892DE89A9B341D331EC52CF46
                                                                                                                              Function 007DD575 Relevance: .1, Instructions: 89COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 854a3b6e4e0feaeb34e71a8e6e8a607d702d21e913dba9130732a19d29e596b6
                                                                                                                              • Instruction ID: ecb5d8ab4e9bfb9ee81de67f5c25cbbc1262347f44ed7f35c3bf447d1f2220fc
                                                                                                                              • Opcode Fuzzy Hash: 854a3b6e4e0feaeb34e71a8e6e8a607d702d21e913dba9130732a19d29e596b6
                                                                                                                              • Instruction Fuzzy Hash: E931F0B240C7089FD321BF19D88267AFBE8EF58710F46491DD6D483210EB755990CB8B
                                                                                                                              Function 005764B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d6184d40cf845a1f2ce95ffd3b09c9bb4f34de94714b1dc70be3428966c112ed
                                                                                                                              • Instruction ID: 9adf83711392166d618df70c409cc85b79c7109c8f2260ddb101edb3feb050a3
                                                                                                                              • Opcode Fuzzy Hash: d6184d40cf845a1f2ce95ffd3b09c9bb4f34de94714b1dc70be3428966c112ed
                                                                                                                              • Instruction Fuzzy Hash: DD217A7460C6019FCB04EF19E480A2EFBE2FB95740F18D81CE4C9A7361D334A855EB62
                                                                                                                              Function 00540EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c0c07d9d14a549618d8a08deb31ddba5743f911b6fbe493bcc38956501bc08a9
                                                                                                                              • Instruction ID: 30548c8e1c8c31005c6ca6ad84b1535dae42a4a42b6eeaf75fd641605634b62f
                                                                                                                              • Opcode Fuzzy Hash: c0c07d9d14a549618d8a08deb31ddba5743f911b6fbe493bcc38956501bc08a9
                                                                                                                              • Instruction Fuzzy Hash: 12213CB490022A9FDB15CF94DC90BBEBBB1FF46304F244818E911BB292C735A945CF64
                                                                                                                              Function 00575700 Relevance: .1, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5472ba3784501f08975100f3d165bcf5e4eef01413c05be86f24c17032c4bb5
                                                                                                                              • Instruction ID: 8f4fd8257fa0a2fbd1d2dfe31f0c3702e369c3eb71c31e877b736ebef268d55e
                                                                                                                              • Opcode Fuzzy Hash: a5472ba3784501f08975100f3d165bcf5e4eef01413c05be86f24c17032c4bb5
                                                                                                                              • Instruction Fuzzy Hash: F711917591C240EBC305AF28F845A1BBFF5EF96710F058828E8C89B212E335D814EB93
                                                                                                                              Function 0056B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                              • Instruction ID: fdde68a4d525d6432c89d1c0ae9028e539bf53711144e5ec6633039e0ec2fe26
                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                              • Instruction Fuzzy Hash: 4511A533A051E94ED3168D3CC440565BFA32AA3635B698399F4B8DB2D2D7238DCA8365
                                                                                                                              Function 00560B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                              • Instruction ID: 0335a6cd1de35b39dd45fb526d5099ca09b17e0380cb3e3433c377036ff15e2a
                                                                                                                              • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                              • Instruction Fuzzy Hash: 090171F5A0130247EB20AE5494D5B3FBBA8BF81718F18952CE80657392DB76EC05D791
                                                                                                                              Function 0055D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fc34eb46a780db76e412a11f8cd3944dfeb38c4c42ac29a9d7e2290b4ae7c450
                                                                                                                              • Instruction ID: 81b39f20db75a65faa674953e316759b21361dc84aaaf25066dde2528722ad79
                                                                                                                              • Opcode Fuzzy Hash: fc34eb46a780db76e412a11f8cd3944dfeb38c4c42ac29a9d7e2290b4ae7c450
                                                                                                                              • Instruction Fuzzy Hash: 5C110BB0408380AFD3209F618498A2FFBE4BBA6714F148C0DE6A49B251C379E809CF16
                                                                                                                              Function 00536EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 13480bf7c755c76479b7d19ed520239b8c69ffc9a77f65bada362d2a0dab4c66
                                                                                                                              • Instruction ID: 7846ead31433361fd0bacfa4dbe8fa03c5f8f6f2fc39c41ddcb800b9c96acb05
                                                                                                                              • Opcode Fuzzy Hash: 13480bf7c755c76479b7d19ed520239b8c69ffc9a77f65bada362d2a0dab4c66
                                                                                                                              • Instruction Fuzzy Hash: 3BF0243A71820A1BB210CDABA88483BB79AEBD9355F14953CEA44C3205DD72E806A190
                                                                                                                              Function 0056B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                              • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                              • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                              • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                              Function 0054C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                              • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                              • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                              • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                              Function 0054B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                              • Instruction ID: d770ef9dbea3af173b59e5b6babfa74966a694f45f2cf12d39a7715be5b9e5b3
                                                                                                                              • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                              • Instruction Fuzzy Hash: 44F05CB160411017EF22CA549CC0FB7BF9DDB8731CF090426F94453103D2A1D844C3E5
                                                                                                                              Function 00568220 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ffdd6338beed34c60eb5da0289f473ef380a0ba8ceb9a16bbda1e5bf7048a3c2
                                                                                                                              • Instruction ID: 197b6462dd21bf49948514fcd953a1b915e5945fe22bc5f1062c1a889af19c96
                                                                                                                              • Opcode Fuzzy Hash: ffdd6338beed34c60eb5da0289f473ef380a0ba8ceb9a16bbda1e5bf7048a3c2
                                                                                                                              • Instruction Fuzzy Hash: A701E4B04107009FD360EF29C445B47BBF8FB08714F108A1DE8AECB680D770A5489B82
                                                                                                                              Function 00571440 Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                              • Instruction ID: b1f64cb4c1d7e8f25fdf367a7093d7c0309da871c93660bc1b0eda04a2d7dfed
                                                                                                                              • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                              • Instruction Fuzzy Hash: E2D05E31608721469F648E1EA400977FBE1FA87B11F49955EF58AE3148E230DC41D2AD
                                                                                                                              Function 00541ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d74ffc955a6c69e274ef68a3b89d7f1c09b007da44e71c0a36107b415a2b6168
                                                                                                                              • Instruction ID: fedb6cafe6319fb0119596142b89ad1f093faeefdb8954eb87de47d8faab3256
                                                                                                                              • Opcode Fuzzy Hash: d74ffc955a6c69e274ef68a3b89d7f1c09b007da44e71c0a36107b415a2b6168
                                                                                                                              • Instruction Fuzzy Hash: 7DC08C34A180018BCA44CF01FC95432B7B9A72730CB00703ADE07F3232EA20C44ABB09
                                                                                                                              Function 00576094 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2af9cc08f6ca7365f5693ae95f26bc0f66d3a55f9d139e79d26188eee3ab0f90
                                                                                                                              • Instruction ID: 0c938317234df0533429366eb67ca6b75e99d51a736b453c052ed1d764ab347f
                                                                                                                              • Opcode Fuzzy Hash: 2af9cc08f6ca7365f5693ae95f26bc0f66d3a55f9d139e79d26188eee3ab0f90
                                                                                                                              • Instruction Fuzzy Hash: 89C09B7465C10087A30CCF04E951475F7769BA7F15724F01DCC0633255D134D516B61C
                                                                                                                              Function 00541A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 94795bc2b5e125ed7f94a2b38a375f57ba4a3d08ffe8c04190bce415e6229dd0
                                                                                                                              • Instruction ID: 171b60d3f6e4efebdf613261d80b172ac3d7dba45c1aef209de671a3009a7a8d
                                                                                                                              • Opcode Fuzzy Hash: 94795bc2b5e125ed7f94a2b38a375f57ba4a3d08ffe8c04190bce415e6229dd0
                                                                                                                              • Instruction Fuzzy Hash: 8EC09B34A5D040CBC644CF86F8D1571A7FD571720CB10343A9707F7261D560D449B70D
                                                                                                                              Function 00575FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1528038970.0000000000530000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000590000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.00000000007EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000829000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528082896.0000000000836000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528314914.0000000000837000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1528422370.00000000009D0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65bf52121c7fa0c7fb60714bb5a0595b3a2fbae7e00c4ad9cc892aec80a4afcb
                                                                                                                              • Instruction ID: 079992df711ce6084207ba909b87b9a5189543c1d5114fafee2ae60ae50cc285
                                                                                                                              • Opcode Fuzzy Hash: 65bf52121c7fa0c7fb60714bb5a0595b3a2fbae7e00c4ad9cc892aec80a4afcb
                                                                                                                              • Instruction Fuzzy Hash: 58C09274B680008BA34CCF18DD51935F2BA9BABE2AB14B02DCC06B3256D134D91A970C