Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1528660
MD5:cc9f4d3852fc71589b37a660197d11d5
SHA1:59e8dceb4013812a86eb0bcdc93a047d3625190b
SHA256:4959ea9b83eb93d47393542fa6bef79b7d81dd272ceb9310f1c6f3e152a06c42
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3208 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CC9F4D3852FC71589B37A660197D11D5)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["clearancek.site", "spirittunek.stor", "dissapoiznw.stor", "licendfilteo.site", "bathdoomgaz.stor", "eaglepawnoy.stor", "mobbipenju.stor", "studennotediw.stor"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:06.053296+020020546531A Network Trojan was detected192.168.2.549705172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:06.053296+020020498361A Network Trojan was detected192.168.2.549705172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.614184+020020564771Domain Observed Used for C2 Detected192.168.2.5532261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.539214+020020564711Domain Observed Used for C2 Detected192.168.2.5607331.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.574274+020020564811Domain Observed Used for C2 Detected192.168.2.5651081.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.563007+020020564831Domain Observed Used for C2 Detected192.168.2.5607531.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.635424+020020564731Domain Observed Used for C2 Detected192.168.2.5639831.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.552608+020020564851Domain Observed Used for C2 Detected192.168.2.5566481.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.625128+020020564751Domain Observed Used for C2 Detected192.168.2.5647371.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T08:22:03.585263+020020564791Domain Observed Used for C2 Detected192.168.2.5598831.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.3208.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "spirittunek.stor", "dissapoiznw.stor", "licendfilteo.site", "bathdoomgaz.stor", "eaglepawnoy.stor", "mobbipenju.stor", "studennotediw.stor"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 11%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 13%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 13%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 13%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 17%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 13%Perma Link
    Source: https://sergei-esenin.com:443/apifiles/76561199724331900Virustotal: Detection: 9%Perma Link
    Source: https://sergei-esenin.com/pVirustotal: Detection: 8%Perma Link
    Source: https://sergei-esenin.com/_Virustotal: Detection: 11%Perma Link
    Source: https://sergei-esenin.com/apihVirustotal: Detection: 11%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: https://sergei-esenin.com/api$Virustotal: Detection: 11%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0078D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0078D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007C63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007C5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_007C695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_007C99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0078FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00790EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_007C4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_007BF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00796F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00781000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_007C6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_007AD1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_007A2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_007A2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_007942FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0078A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_007AC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0079D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_007C1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0079B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_007AE40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007C64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00796536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_007C7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_007A9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00788590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_007AE66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_007BB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_007C7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_007C67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_007AD7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_007A28E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0079D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_007C3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_007849A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00785A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_007C4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00791A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00791ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0079DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0079DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_007C9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00791BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00793BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_007B0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_007AEC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_007BFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_007A7C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007C9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_007C9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_007ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_007ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_007AAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_007AAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_007ADD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_007AFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007C8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007A5E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_007A7E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_007AAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00794E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00796EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0078BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00786EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00791E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007BFF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_007A9F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0079FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00788FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_007C5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_007C7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_007C7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00796F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:56648 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:59883 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:53226 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:60753 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:65108 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:60733 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:64737 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:63983 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=cd3472c77f17062a12faec21; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837x equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.2085908053.00000000011D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/_
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api$
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api?e
    Source: file.exe, 00000000.00000003.2085241301.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086073758.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apih
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/g
    Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/p
    Source: file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apifiles/76561199724331900
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007902280_2_00790228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C40400_2_007C4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007920300_2_00792030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007810000_2_00781000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007CA0D00_2_007CA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007851600_2_00785160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007871F00_2_007871F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078E1A00_2_0078E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007812F70_2_007812F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B2000_2_0094B200
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B82D00_2_007B82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B12D00_2_007B12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A2639A0_2_00A2639A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078A3000_2_0078A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B23E00_2_007B23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078B3A00_2_0078B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007813A30_2_007813A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008A03600_2_008A0360
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AC4700_2_007AC470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009444AC0_2_009444AC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B64F00_2_007B64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079049B0_2_0079049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007944870_2_00794487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008A55BA0_2_008A55BA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008BB5D20_2_008BB5D2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079C5F00_2_0079C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007835B00_2_007835B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007885900_2_00788590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C86520_2_007C8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078164F0_2_0078164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BF6200_2_007BF620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C86F00_2_007C86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B18600_2_007B1860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078A8500_2_0078A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009588270_2_00958827
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BB8C00_2_007BB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BE8A00_2_007BE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093F9CC0_2_0093F9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C89A00_2_007C89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A098B0_2_007A098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C4A400_2_007C4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C7AB00_2_007C7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C8A800_2_007C8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C1B9D0_2_008C1B9D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079DB6F0_2_0079DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00951BCE0_2_00951BCE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00787BF00_2_00787BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00829B1A0_2_00829B1A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094CB5C0_2_0094CB5C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00956CAB0_2_00956CAB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00955CDA0_2_00955CDA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C8C020_2_007C8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007ACCD00_2_007ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C6CBF0_2_007C6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A8D620_2_007A8D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007ADD290_2_007ADD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AFD100_2_007AFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082ED660_2_0082ED66
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C8E700_2_007C8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AAE570_2_007AAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00794E2A0_2_00794E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00796EBF0_2_00796EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078BEB00_2_0078BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F9FCB0_2_009F9FCB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0078AF100_2_0078AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00788FD00_2_00788FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C7FC00_2_007C7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00939F430_2_00939F43
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0079D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0078CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994134179042904
    Source: file.exeStatic PE information: Section: ailacznz ZLIB complexity 0.9945220854280926
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B8220 CoCreateInstance,0_2_007B8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 1850368 > 1048576
    Source: file.exeStatic PE information: Raw size of ailacznz is bigger than: 0x100000 < 0x19a400

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.780000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ailacznz:EW;ftzdjqez:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ailacznz:EW;ftzdjqez:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d1e7d should be: 0x1d2fab
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: ailacznz
    Source: file.exeStatic PE information: section name: ftzdjqez
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0099509B push edi; mov dword ptr [esp], 51786D00h0_2_009950BE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3C089 push ebx; mov dword ptr [esp], ecx0_2_00A3C10E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F70E0 push 08CA5931h; mov dword ptr [esp], edx0_2_009F70FC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F70E0 push eax; mov dword ptr [esp], esi0_2_009F713A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F70E0 push edx; mov dword ptr [esp], edi0_2_009F71A5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F70E0 push ecx; mov dword ptr [esp], eax0_2_009F7242
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0096D1AA push esi; mov dword ptr [esp], eax0_2_0096D709
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A491C4 push 1D3BA9D4h; mov dword ptr [esp], ebp0_2_00A491DF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A491C4 push 42DDC30Fh; mov dword ptr [esp], edi0_2_00A49680
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0095C1EB push 12848C1Ch; mov dword ptr [esp], edi0_2_0095C37A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0095C1EB push edi; mov dword ptr [esp], 0DF8A17Ah0_2_0095C457
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009CA10D push 4BC4E925h; mov dword ptr [esp], esi0_2_009CA1AD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F6103 push ebx; mov dword ptr [esp], 1CFD8A9Bh0_2_009F613D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F6103 push ebp; mov dword ptr [esp], 73FFE87Ah0_2_009F616C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009F6103 push edx; mov dword ptr [esp], eax0_2_009F6186
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A10101 push edi; mov dword ptr [esp], esi0_2_00A10149
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A10101 push ebx; mov dword ptr [esp], edx0_2_00A10172
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DA12D push edx; mov dword ptr [esp], edi0_2_009DA184
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DA12D push eax; mov dword ptr [esp], ecx0_2_009DA1CB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DA12D push 3B1B2842h; mov dword ptr [esp], esi0_2_009DA1EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097214F push ebp; mov dword ptr [esp], edx0_2_00972159
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007CF249 push edx; ret 0_2_007CF24B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push eax; mov dword ptr [esp], ecx0_2_0094B26D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push 09044893h; mov dword ptr [esp], edx0_2_0094B28B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push esi; mov dword ptr [esp], 7BF5FDEDh0_2_0094B290
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push 687BC467h; mov dword ptr [esp], eax0_2_0094B2FD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push edx; mov dword ptr [esp], ecx0_2_0094B34E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push 4701CF00h; mov dword ptr [esp], ecx0_2_0094B359
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push esi; mov dword ptr [esp], 5DAF0DFCh0_2_0094B407
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push 41D14914h; mov dword ptr [esp], edx0_2_0094B429
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094B200 push ecx; mov dword ptr [esp], esp0_2_0094B44B
    Source: file.exeStatic PE information: section name: entropy: 7.9737388508474325
    Source: file.exeStatic PE information: section name: ailacznz entropy: 7.953996751177959

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E3A29 second address: 7E3A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95F3EA second address: 95F3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95F3EE second address: 95F415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF518700CBFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF518700CBEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95F415 second address: 95F419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95F419 second address: 95F41F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9627E8 second address: 9627EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9627EC second address: 9627F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9627F2 second address: 9627F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9627F7 second address: 962827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF518700CB6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e ja 00007FF518700CC8h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962827 second address: 962831 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962831 second address: 962837 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962837 second address: 96286E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007FF5188675B0h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF5188675B6h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96286E second address: 7E3A29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop eax 0x00000008 pushad 0x00000009 mov dword ptr [ebp+122D1895h], esi 0x0000000f mov edx, eax 0x00000011 popad 0x00000012 push dword ptr [ebp+122D116Dh] 0x00000018 mov esi, dword ptr [ebp+122D2C0Ch] 0x0000001e call dword ptr [ebp+122D309Eh] 0x00000024 pushad 0x00000025 xor dword ptr [ebp+122D20BEh], eax 0x0000002b xor eax, eax 0x0000002d sub dword ptr [ebp+122D1ABEh], edx 0x00000033 mov edx, dword ptr [esp+28h] 0x00000037 pushad 0x00000038 jmp 00007FF518700CC4h 0x0000003d jmp 00007FF518700CBCh 0x00000042 popad 0x00000043 mov dword ptr [ebp+122D2A98h], eax 0x00000049 mov dword ptr [ebp+122D20BEh], edx 0x0000004f mov esi, 0000003Ch 0x00000054 sub dword ptr [ebp+122D1CB9h], eax 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e pushad 0x0000005f cld 0x00000060 mov ecx, eax 0x00000062 popad 0x00000063 pushad 0x00000064 mov eax, dword ptr [ebp+122D2ACCh] 0x0000006a add dword ptr [ebp+122D1F48h], edx 0x00000070 popad 0x00000071 lodsw 0x00000073 jg 00007FF518700CC4h 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d cld 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 add dword ptr [ebp+122D34E4h], esi 0x00000088 nop 0x00000089 push eax 0x0000008a push edx 0x0000008b pushad 0x0000008c jp 00007FF518700CB6h 0x00000092 push eax 0x00000093 push edx 0x00000094 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9629C5 second address: 9629CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962AA1 second address: 962AC7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov si, DE55h 0x0000000e sub dword ptr [ebp+122D1EC3h], edx 0x00000014 push 00000000h 0x00000016 xor dword ptr [ebp+122D19A2h], eax 0x0000001c push CC1DBC56h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962AC7 second address: 962ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962ACB second address: 962B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF518700CC7h 0x0000000b popad 0x0000000c add dword ptr [esp], 33E2442Ah 0x00000013 movsx esi, si 0x00000016 jmp 00007FF518700CBCh 0x0000001b push 00000003h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007FF518700CB8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 call 00007FF518700CC6h 0x0000003c jl 00007FF518700CBCh 0x00000042 mov esi, dword ptr [ebp+122D2AD0h] 0x00000048 pop esi 0x00000049 push 00000000h 0x0000004b xor dword ptr [ebp+122D30E5h], ebx 0x00000051 push 00000003h 0x00000053 jbe 00007FF518700CBCh 0x00000059 adc edx, 6EDD9B52h 0x0000005f push BC6F6217h 0x00000064 pushad 0x00000065 pushad 0x00000066 jmp 00007FF518700CC6h 0x0000006b jne 00007FF518700CB6h 0x00000071 popad 0x00000072 push eax 0x00000073 push edx 0x00000074 jnp 00007FF518700CB6h 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962B87 second address: 962BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 03909DE9h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FF5188675A8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 lea ebx, dword ptr [ebp+12452713h] 0x0000002e mov edi, dword ptr [ebp+122D2B54h] 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a jnc 00007FF5188675A6h 0x00000040 popad 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C1C second address: 962C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C20 second address: 962C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C26 second address: 962C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FF518700CB6h 0x00000009 jg 00007FF518700CB6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov esi, 0BCB34CEh 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D30E5h], eax 0x00000022 call 00007FF518700CB9h 0x00000027 pushad 0x00000028 jmp 00007FF518700CBAh 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C60 second address: 962C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C64 second address: 962C7E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 jnl 00007FF518700CB8h 0x0000000f pop edi 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962C7E second address: 962CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jne 00007FF5188675AAh 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jmp 00007FF5188675B2h 0x0000001b pop eax 0x0000001c jmp 00007FF5188675B9h 0x00000021 push 00000003h 0x00000023 xor dword ptr [ebp+122D30D2h], edx 0x00000029 push 00000000h 0x0000002b jmp 00007FF5188675AAh 0x00000030 push 00000003h 0x00000032 pushad 0x00000033 clc 0x00000034 mov ecx, dword ptr [ebp+122D31B9h] 0x0000003a popad 0x0000003b push 68EA667Ch 0x00000040 pushad 0x00000041 jbe 00007FF5188675A8h 0x00000047 pushad 0x00000048 popad 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962CF0 second address: 962D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 add dword ptr [esp], 57159984h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FF518700CB8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 lea ebx, dword ptr [ebp+1245271Eh] 0x0000002f mov edi, dword ptr [ebp+122D19DFh] 0x00000035 xchg eax, ebx 0x00000036 jno 00007FF518700CBEh 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 jno 00007FF518700CB6h 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981620 second address: 981625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981625 second address: 98162B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9817B7 second address: 9817F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FF5188675ADh 0x0000000b popad 0x0000000c jc 00007FF5188675A8h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007FF5188675B6h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9817F2 second address: 9817FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9817FA second address: 981800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981800 second address: 981819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF518700CC1h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981BF2 second address: 981BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981BFB second address: 981C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981C01 second address: 981C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981C05 second address: 981C09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981C09 second address: 981C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981D58 second address: 981D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FF518700CB6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981EA7 second address: 981EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981EB1 second address: 981EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981EB7 second address: 981EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981EBE second address: 981EC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981EC4 second address: 981ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98205B second address: 982062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9824BB second address: 9824D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9824D5 second address: 9824F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF518700CBFh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9824F4 second address: 982531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675B7h 0x00000008 jmp 00007FF5188675B2h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF5188675ACh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 982531 second address: 98253B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 977806 second address: 977826 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FF5188675B3h 0x0000000a jnc 00007FF5188675A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9827CF second address: 9827E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF518700CBAh 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9827E2 second address: 9827E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 982D46 second address: 982D4B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98302A second address: 98305A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FF5188675B2h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jnl 00007FF5188675A6h 0x0000001a jl 00007FF5188675A6h 0x00000020 popad 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98305A second address: 983077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CC8h 0x00000009 pop ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9834DD second address: 9834E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9834E7 second address: 983516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF518700CBCh 0x00000012 jmp 00007FF518700CC3h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989584 second address: 98958A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98958A second address: 98959A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94AD04 second address: 94AD45 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push ebx 0x00000009 jns 00007FF5188675A6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FF5188675BFh 0x0000001a jmp 00007FF5188675B7h 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007FF5188675AEh 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94AD45 second address: 94AD4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94AD4A second address: 94AD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94AD50 second address: 94AD5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jnl 00007FF518700CB6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 954BE1 second address: 954BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 954BEB second address: 954BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 954BF1 second address: 954BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990470 second address: 99047A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98FFFE second address: 990009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990009 second address: 99000D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99000D second address: 990013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990013 second address: 990020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990020 second address: 990024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990024 second address: 990036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990036 second address: 99004A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B0h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99018F second address: 9901B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF518700CC7h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9901B2 second address: 9901D1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF5188675B9h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9901D1 second address: 9901D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9901D9 second address: 9901DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99032D second address: 990343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBBh 0x00000009 jg 00007FF518700CB6h 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9923A3 second address: 9923A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9923A9 second address: 9923F4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 078EA93Eh 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FF518700CB8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d xor di, 7893h 0x00000032 push F2BA20B5h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push esi 0x0000003b pop esi 0x0000003c jnc 00007FF518700CB6h 0x00000042 popad 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9926B9 second address: 9926CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FF5188675ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9926CB second address: 9926CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9926CF second address: 9926D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9927B4 second address: 9927B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9927B8 second address: 9927BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 992FF3 second address: 993010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9930C5 second address: 9930CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9931E9 second address: 9931ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9931ED second address: 993203 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FF5188675ACh 0x00000010 jne 00007FF5188675A6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993488 second address: 993498 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9951D4 second address: 995239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675B0h 0x00000009 popad 0x0000000a push eax 0x0000000b jo 00007FF5188675AAh 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 nop 0x00000016 push 00000000h 0x00000018 call 00007FF5188675AFh 0x0000001d jmp 00007FF5188675ABh 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 jnp 00007FF5188675A9h 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e jc 00007FF5188675B9h 0x00000034 jmp 00007FF5188675B3h 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995239 second address: 99524F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF518700CC2h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995BF3 second address: 995BFD instructions: 0x00000000 rdtsc 0x00000002 je 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995A03 second address: 995A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e js 00007FF518700CB6h 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995A18 second address: 995A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675AFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995A2B second address: 995A2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 997F9B second address: 997FA1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 999F16 second address: 999F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99D98A second address: 99D9E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF5188675A6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d je 00007FF5188675B8h 0x00000013 jmp 00007FF5188675B2h 0x00000018 nop 0x00000019 push eax 0x0000001a jmp 00007FF5188675AFh 0x0000001f pop edi 0x00000020 push 00000000h 0x00000022 mov ebx, dword ptr [ebp+122D2D48h] 0x00000028 mov dword ptr [ebp+1247AE7Ch], esi 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1A0Ch], ecx 0x00000036 push eax 0x00000037 js 00007FF5188675B0h 0x0000003d push eax 0x0000003e push edx 0x0000003f push edi 0x00000040 pop edi 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99CBF5 second address: 99CBFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99F9BC second address: 99F9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99EC33 second address: 99EC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99F9C0 second address: 99F9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99EC37 second address: 99EC3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A09E0 second address: 9A09E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A09E5 second address: 9A09F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A09F5 second address: 9A09FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A09FB second address: 9A0A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A0A01 second address: 9A0A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A0A05 second address: 9A0A79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FF518700CB8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 and edi, 316A4A72h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FF518700CB8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 jmp 00007FF518700CBBh 0x0000004d pop ebx 0x0000004e mov di, bx 0x00000051 xchg eax, esi 0x00000052 pushad 0x00000053 push eax 0x00000054 jmp 00007FF518700CBFh 0x00000059 pop eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push edi 0x0000005d pop edi 0x0000005e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A0A79 second address: 9A0A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A0A7D second address: 9A0A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jng 00007FF518700CB6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A28B9 second address: 9A28BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A28BD second address: 9A28E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF518700CC3h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A28E4 second address: 9A28E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A4A87 second address: 9A4A8D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A3B80 second address: 9A3BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF5188675A6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF5188675B9h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A3BA8 second address: 9A3BAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A695B second address: 9A699E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007FF5188675ACh 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF5188675B6h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A699E second address: 9A69AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A69AF second address: 9A69B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6BBC second address: 9A6BDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF518700CB6h 0x00000009 jmp 00007FF518700CC0h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6BDF second address: 9A6BE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6BE3 second address: 9A6BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A4C32 second address: 9A4C38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A4C38 second address: 9A4C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A4C3C second address: 9A4CE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov di, B3CDh 0x0000000f push dword ptr fs:[00000000h] 0x00000016 or dword ptr [ebp+12484020h], ebx 0x0000001c mov ebx, dword ptr [ebp+122D1E31h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007FF5188675A8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 mov di, ax 0x00000046 mov eax, dword ptr [ebp+122D02C9h] 0x0000004c push 00000000h 0x0000004e push ebp 0x0000004f call 00007FF5188675A8h 0x00000054 pop ebp 0x00000055 mov dword ptr [esp+04h], ebp 0x00000059 add dword ptr [esp+04h], 0000001Ch 0x00000061 inc ebp 0x00000062 push ebp 0x00000063 ret 0x00000064 pop ebp 0x00000065 ret 0x00000066 push FFFFFFFFh 0x00000068 nop 0x00000069 pushad 0x0000006a jmp 00007FF5188675B6h 0x0000006f jmp 00007FF5188675AEh 0x00000074 popad 0x00000075 push eax 0x00000076 push edi 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A4CE0 second address: 9A4CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A9B5D second address: 9A9BC9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF5188675ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FF5188675AFh 0x00000011 je 00007FF5188675BAh 0x00000017 jmp 00007FF5188675B4h 0x0000001c popad 0x0000001d nop 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 call 00007FF5188675A8h 0x00000026 pop esi 0x00000027 mov dword ptr [esp+04h], esi 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc esi 0x00000034 push esi 0x00000035 ret 0x00000036 pop esi 0x00000037 ret 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c sub di, 8249h 0x00000041 push eax 0x00000042 push ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8C91 second address: 9A8C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8C95 second address: 9A8D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, dword ptr [ebp+122D30E0h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FF5188675A8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 xor dword ptr [ebp+122D198Bh], eax 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov dword ptr [ebp+122D1895h], eax 0x00000044 mov eax, dword ptr [ebp+122D0709h] 0x0000004a mov edi, 306C3724h 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push edx 0x00000054 call 00007FF5188675A8h 0x00000059 pop edx 0x0000005a mov dword ptr [esp+04h], edx 0x0000005e add dword ptr [esp+04h], 00000019h 0x00000066 inc edx 0x00000067 push edx 0x00000068 ret 0x00000069 pop edx 0x0000006a ret 0x0000006b add di, 63AEh 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 push ecx 0x00000076 pop ecx 0x00000077 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8D1C second address: 9A8D2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AAC7C second address: 9AACF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FF5188675A8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 xor ebx, dword ptr [ebp+122D2A54h] 0x0000002c call 00007FF5188675AAh 0x00000031 mov di, ax 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+122D195Dh], ecx 0x0000003d push 00000000h 0x0000003f jnl 00007FF5188675A9h 0x00000045 push eax 0x00000046 jl 00007FF5188675C7h 0x0000004c push eax 0x0000004d push edx 0x0000004e jc 00007FF5188675A6h 0x00000054 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A9CDD second address: 9A9CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A9CE1 second address: 9A9CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ABC76 second address: 9ABC98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF518700CB6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF518700CC1h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ABC98 second address: 9ABCFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675B6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov ebx, ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FF5188675A8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jnc 00007FF5188675ACh 0x00000032 stc 0x00000033 push 00000000h 0x00000035 mov ebx, dword ptr [ebp+122D2C60h] 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f pop eax 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AAE32 second address: 9AAE36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AAE36 second address: 9AAE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AE0F5 second address: 9AE0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AE0F9 second address: 9AE115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94767A second address: 9476A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBEh 0x00000007 jmp 00007FF518700CBFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9476A1 second address: 9476B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF5188675AAh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B4CE7 second address: 9B4CF6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB8h 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956793 second address: 9567A0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9567A0 second address: 9567A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B44B5 second address: 9B44BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B4785 second address: 9B479E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF518700CBFh 0x00000009 jl 00007FF518700CB6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B479E second address: 9B47A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAA9A second address: 9BAAA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAAA0 second address: 9BAAC1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF5188675B0h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jnp 00007FF5188675B0h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAAC1 second address: 9BAACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAACF second address: 9BAAFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007FF5188675ACh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAAFB second address: 9BAB00 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAD38 second address: 9BAD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAD3D second address: 7E3A29 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 je 00007FF518700CB6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 0E5BC436h 0x00000013 cld 0x00000014 push dword ptr [ebp+122D116Dh] 0x0000001a jmp 00007FF518700CC0h 0x0000001f call dword ptr [ebp+122D309Eh] 0x00000025 pushad 0x00000026 xor dword ptr [ebp+122D20BEh], eax 0x0000002c xor eax, eax 0x0000002e sub dword ptr [ebp+122D1ABEh], edx 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 pushad 0x00000039 jmp 00007FF518700CC4h 0x0000003e jmp 00007FF518700CBCh 0x00000043 popad 0x00000044 mov dword ptr [ebp+122D2A98h], eax 0x0000004a mov dword ptr [ebp+122D20BEh], edx 0x00000050 mov esi, 0000003Ch 0x00000055 sub dword ptr [ebp+122D1CB9h], eax 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f pushad 0x00000060 cld 0x00000061 mov ecx, eax 0x00000063 popad 0x00000064 pushad 0x00000065 mov eax, dword ptr [ebp+122D2ACCh] 0x0000006b add dword ptr [ebp+122D1F48h], edx 0x00000071 popad 0x00000072 lodsw 0x00000074 jg 00007FF518700CC4h 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e cld 0x0000007f mov ebx, dword ptr [esp+24h] 0x00000083 add dword ptr [ebp+122D34E4h], esi 0x00000089 nop 0x0000008a push eax 0x0000008b push edx 0x0000008c pushad 0x0000008d jp 00007FF518700CB6h 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF4B6 second address: 9BF4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF4BD second address: 9BF501 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CC6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FF518700CC9h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jg 00007FF518700CC2h 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF665 second address: 9BF66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF66B second address: 9BF671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF78A second address: 9BF7A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675AAh 0x00000008 jnc 00007FF5188675A6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF7A4 second address: 9BF7AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF518700CB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF8D2 second address: 9BF8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF8D6 second address: 9BF8FC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF518700CC8h 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF8FC second address: 9BF900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BF900 second address: 9BF90C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BFA63 second address: 9BFA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BFA67 second address: 9BFA6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BFE43 second address: 9BFE55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BFE55 second address: 9BFE5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C4BC4 second address: 9C4BD2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C4BD2 second address: 9C4C10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CC3h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FF518700CBDh 0x0000000f popad 0x00000010 push ecx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop ecx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FF518700CC0h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C4C10 second address: 9C4C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C4D51 second address: 9C4D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C4EE1 second address: 9C4EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5050 second address: 9C5075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBEh 0x00000009 popad 0x0000000a pushad 0x0000000b jnl 00007FF518700CB6h 0x00000011 pushad 0x00000012 popad 0x00000013 js 00007FF518700CB6h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C51CE second address: 9C51FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675ADh 0x00000009 jp 00007FF5188675A6h 0x0000000f popad 0x00000010 jc 00007FF5188675B2h 0x00000016 jmp 00007FF5188675ACh 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C51FC second address: 9C5200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5200 second address: 9C5210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FF5188675A6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5362 second address: 9C5366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C54E1 second address: 9C54E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C54E5 second address: 9C54E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C54E9 second address: 9C54EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9782BA second address: 9782BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9782BE second address: 9782DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FF5188675AAh 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007FF5188675ADh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9782DE second address: 9782E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C596E second address: 9C597A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF5188675A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C951F second address: 9C956A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jne 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 je 00007FF518700CB6h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c popad 0x0000001d pushad 0x0000001e jmp 00007FF518700CC2h 0x00000023 push eax 0x00000024 push edx 0x00000025 push edi 0x00000026 pop edi 0x00000027 jmp 00007FF518700CC7h 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990DB3 second address: 990DB9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 990DB9 second address: 990DF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CBFh 0x00000008 jbe 00007FF518700CB6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007FF518700CC6h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99143A second address: 99144B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FF5188675A8h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991C51 second address: 991C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FF518700CB8h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991D6A second address: 991D6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991F85 second address: 991F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991F8B second address: 991F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991F8F second address: 991F9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991F9E second address: 991FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991FA2 second address: 991FA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991FA8 second address: 9782BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007FF5188675A6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d movzx edi, bx 0x00000010 mov ecx, dword ptr [ebp+122D19D3h] 0x00000016 lea eax, dword ptr [ebp+12480A0Ah] 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007FF5188675A8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 0000001Ch 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 jc 00007FF5188675ABh 0x0000003c pushad 0x0000003d stc 0x0000003e mov edx, eax 0x00000040 popad 0x00000041 or ecx, dword ptr [ebp+122D30B7h] 0x00000047 push eax 0x00000048 jmp 00007FF5188675B4h 0x0000004d mov dword ptr [esp], eax 0x00000050 sbb dx, D7B5h 0x00000055 lea eax, dword ptr [ebp+124809C6h] 0x0000005b jbe 00007FF5188675ACh 0x00000061 push eax 0x00000062 jmp 00007FF5188675AFh 0x00000067 mov dword ptr [esp], eax 0x0000006a movsx edi, ax 0x0000006d call dword ptr [ebp+12453473h] 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C994D second address: 9C995F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FF518700CB6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C995F second address: 9C9963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C9963 second address: 9C9978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C9978 second address: 9C9993 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675AAh 0x00000008 jmp 00007FF5188675ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C9ACA second address: 9C9AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF518700CC4h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDB8E second address: 9CDB92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D35FC second address: 9D361E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF518700CCAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D361E second address: 9D3624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D38F6 second address: 9D38FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D38FD second address: 9D3903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D6F6E second address: 9D6F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DA210 second address: 9DA243 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF5188675ACh 0x00000010 jmp 00007FF5188675AAh 0x00000015 popad 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D9DA0 second address: 9D9DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB89A second address: 9DB8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 js 00007FF5188675A6h 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB8A7 second address: 9DB8AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DB8AC second address: 9DB8CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF5188675A6h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 ja 00007FF5188675A6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE91F second address: 9DE929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF518700CB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE929 second address: 9DE92F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9DE92F second address: 9DE940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jnp 00007FF518700CB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94400A second address: 94400E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E6D97 second address: 9E6DBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push edx 0x00000008 jmp 00007FF518700CC1h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 jc 00007FF518700CB6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E703E second address: 9E7095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675B9h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF5188675AEh 0x00000011 ja 00007FF5188675C9h 0x00000017 jmp 00007FF5188675B2h 0x0000001c jmp 00007FF5188675B1h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E7095 second address: 9E709A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E71C6 second address: 9E71D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E71D5 second address: 9E71DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991AB0 second address: 991AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991AB6 second address: 991B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, cx 0x00000011 mov ebx, dword ptr [ebp+12480A05h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007FF518700CB8h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 jl 00007FF518700CCDh 0x00000037 pushad 0x00000038 movsx eax, si 0x0000003b call 00007FF518700CC1h 0x00000040 pop ecx 0x00000041 popad 0x00000042 add eax, ebx 0x00000044 mov ecx, 004B8506h 0x00000049 movsx edx, ax 0x0000004c nop 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991B20 second address: 991B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 991B25 second address: 991B3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnp 00007FF518700CC4h 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007FF518700CB6h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EA6DE second address: 9EA6F0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FF5188675A6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDC12 second address: 9EDC20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FF518700CB6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDC20 second address: 9EDC39 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FF5188675AEh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDC39 second address: 9EDC44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FF518700CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EE3BE second address: 9EE3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6DE4 second address: 9F6E18 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FF518700CBEh 0x00000010 pushad 0x00000011 popad 0x00000012 jns 00007FF518700CB6h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF518700CC6h 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6E18 second address: 9F6E1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6E1C second address: 9F6E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF518700CC2h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6E38 second address: 9F6E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6E3C second address: 9F6E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6E40 second address: 9F6E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F5368 second address: 9F536C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6249 second address: 9F6256 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6256 second address: 9F6260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6260 second address: 9F6266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F67CF second address: 9F67D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F67D3 second address: 9F67F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FF5188675B2h 0x0000000f jl 00007FF5188675A6h 0x00000015 jne 00007FF5188675A6h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F67F5 second address: 9F67FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6ADB second address: 9F6AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6AE4 second address: 9F6AF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF518700CB6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6AF0 second address: 9F6B00 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6B00 second address: 9F6B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F6B04 second address: 9F6B0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9F17 second address: 9F9F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FF518700CB8h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9F34 second address: 9F9F38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9F38 second address: 9F9F48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA793 second address: 9FA7BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AFh 0x00000007 jmp 00007FF5188675B9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA7BF second address: 9FA7D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA962 second address: 9FA96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA96C second address: 9FA975 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FAAD7 second address: 9FAADC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A01980 second address: A01984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A079E5 second address: A07A05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B6h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A07A05 second address: A07A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A07B6F second address: A07B83 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FF5188675A6h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0865B second address: A0866B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FF518700CB6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09629 second address: A09639 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF5188675B2h 0x00000008 js 00007FF5188675A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A07505 second address: A0750A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0FEAB second address: A0FEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0FFFC second address: A1000A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF518700CB6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1000A second address: A1001F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1001F second address: A10025 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10025 second address: A10029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10029 second address: A1002D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1CE69 second address: A1CE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A220AF second address: A220DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF518700CC8h 0x0000000d jmp 00007FF518700CBBh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A220DA second address: A220E4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF5188675B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A220E4 second address: A220EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A21D58 second address: A21D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FF5188675ACh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A21D6C second address: A21D77 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A21D77 second address: A21D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A307F5 second address: A307FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A39F05 second address: A39F09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A39F09 second address: A39F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF518700CBDh 0x0000000c je 00007FF518700CB6h 0x00000012 popad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A089 second address: A3A093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A093 second address: A3A09D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF518700CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A388 second address: A3A392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF5188675A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A392 second address: A3A3B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A3B0 second address: A3A3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A3B6 second address: A3A3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 ja 00007FF518700CB6h 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A3C8 second address: A3A3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3A3D7 second address: A3A3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3AF42 second address: A3AF4E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3AF4E second address: A3AF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3AF52 second address: A3AF56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3AF56 second address: A3AF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CC9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3D923 second address: A3D96B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B7h 0x00000007 jmp 00007FF5188675B7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 jp 00007FF5188675ACh 0x00000016 jg 00007FF5188675A6h 0x0000001c jp 00007FF5188675C2h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B5CA second address: A5B609 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FF518700CC5h 0x0000000e jmp 00007FF518700CBEh 0x00000013 popad 0x00000014 jmp 00007FF518700CC2h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5B609 second address: A5B625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FF5188675A6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D377 second address: A5D393 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D393 second address: A5D399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D399 second address: A5D39F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D39F second address: A5D3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF5188675ACh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D3B7 second address: A5D3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D4E9 second address: A5D4ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A5D4ED second address: A5D4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75D40 second address: A75D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75D49 second address: A75D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jnp 00007FF518700CB6h 0x0000000c je 00007FF518700CB6h 0x00000012 js 00007FF518700CB6h 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75D62 second address: A75D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jno 00007FF5188675A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75EB4 second address: A75EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF518700CB6h 0x0000000a jmp 00007FF518700CC6h 0x0000000f popad 0x00000010 pop edi 0x00000011 pushad 0x00000012 ja 00007FF518700CBCh 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7618B second address: A76199 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A76199 second address: A7619F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7673A second address: A7673E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7673E second address: A7674F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007FF518700CD2h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7674F second address: A76753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A76753 second address: A76761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FF518700CBEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A768CE second address: A768D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A768D5 second address: A7690B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF518700CC4h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF518700CC1h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7690B second address: A7691A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A76BDB second address: A76BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A78554 second address: A78558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A78558 second address: A7856D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jnl 00007FF518700CB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7856D second address: A78578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A78578 second address: A78586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBAh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A78586 second address: A7858C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7858C second address: A785A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FF518700CC2h 0x0000000c push ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A785A9 second address: A785B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7ADA7 second address: A7ADAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7ADAC second address: A7ADCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FF5188675A6h 0x00000009 je 00007FF5188675A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF5188675AEh 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7B091 second address: A7B0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF518700CB6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c mov dword ptr [esp], eax 0x0000000f push ecx 0x00000010 mov dh, al 0x00000012 pop edx 0x00000013 mov edx, dword ptr [ebp+12450216h] 0x00000019 push 00000004h 0x0000001b call 00007FF518700CBAh 0x00000020 xor dh, 00000016h 0x00000023 pop edx 0x00000024 mov edx, edi 0x00000026 push 5047B3E0h 0x0000002b jg 00007FF518700CBEh 0x00000031 push ecx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7CD26 second address: A7CD2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7CD2B second address: A7CD31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7CD31 second address: A7CD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7CD3B second address: A7CD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7E7EC second address: A7E808 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF5188675B6h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A7E808 second address: A7E819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FF518700CB6h 0x00000009 jbe 00007FF518700CB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 959DF2 second address: 959DF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0CAB second address: 50C0D41 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ecx, dword ptr [eax+00000FDCh] 0x0000000d jmp 00007FF518700CBAh 0x00000012 test ecx, ecx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FF518700CBEh 0x0000001b or eax, 1A75E058h 0x00000021 jmp 00007FF518700CBBh 0x00000026 popfd 0x00000027 mov bh, ah 0x00000029 popad 0x0000002a jns 00007FF518700CD7h 0x00000030 jmp 00007FF518700CBBh 0x00000035 add eax, ecx 0x00000037 pushad 0x00000038 mov ebx, ecx 0x0000003a jmp 00007FF518700CC0h 0x0000003f popad 0x00000040 mov eax, dword ptr [eax+00000860h] 0x00000046 jmp 00007FF518700CC0h 0x0000004b test eax, eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FF518700CC7h 0x00000054 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0D41 second address: 50C0D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0D59 second address: 50C0D5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0D5D second address: 50C0D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FF58921D5A0h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C0D71 second address: 50C0D77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7E3A90 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7E3A1D instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 986871 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 990E76 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7E3996 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2792Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2085241301.00000000011F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.00000000011F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086073758.00000000011F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<
    Source: file.exe, 00000000.00000003.2085241301.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086073758.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.000000000117E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C5BB0 LdrInitializeThunk,0_2_007C5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 53Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com11%VirustotalBrowse
    bathdoomgaz.store14%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    mobbipenju.store14%VirustotalBrowse
    spirittunek.store14%VirustotalBrowse
    eaglepawnoy.store18%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    dissapoiznw.store14%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://sergei-esenin.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://sergei-esenin.com:443/apifiles/765611997243319009%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://sergei-esenin.com/p8%VirustotalBrowse
    https://sergei-esenin.com/_11%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319000%VirustotalBrowse
    https://sergei-esenin.com/apih11%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=e0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%VirustotalBrowse
    https://steamcommunity.com/workshop/0%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    http://127.0.0.1:270600%VirustotalBrowse
    https://sergei-esenin.com/api$11%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R0%VirustotalBrowse
    clearancek.site18%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalseunknown
    sergei-esenin.com
    		172.67.206.204
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknownfalseunknown
    bathdoomgaz.store
    		unknown
    		unknownfalseunknown
    spirittunek.store
    		unknown
    		unknownfalseunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknownfalseunknown
    mobbipenju.store
    		unknown
    		unknownfalseunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknownfalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.stortrue
      		unknown
      mobbipenju.stortrue
        		unknown
        https://steamcommunity.com/profiles/76561199724331900true
        • URL Reputation: malware
        		unknown
        bathdoomgaz.stortrue
          		unknown
          dissapoiznw.stortrue
            		unknown
            spirittunek.stortrue
              		unknown
              eaglepawnoy.stortrue
                		unknown
                clearancek.sitetrueunknown
                licendfilteo.sitetrueunknown
                https://sergei-esenin.com/apitrue
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://player.vimeo.comfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://sergei-esenin.com/file.exe, 00000000.00000002.2085908053.00000000011D3000.00000004.00000020.00020000.00000000.sdmptrueunknown
                  https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://www.youtube.comfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.google.comfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://s.ytimg.com;file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://steam.tv/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://sketchfab.comfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://lv.queniujq.cnfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://sergei-esenin.com/pfile.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmptrueunknown
                    https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmptrue
                    • URL Reputation: malware
                    		unknown
                    https://www.youtube.com/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://sergei-esenin.com:443/apifiles/76561199724331900file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmptrueunknown
                    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://sergei-esenin.com/gfile.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmptrue
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://sergei-esenin.com/_file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmptrueunknown
                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.com/recaptcha/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://checkout.steampowered.com/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/;file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/about/file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://help.steampowered.com/en/file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://steamcommunity.com/market/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://store.steampowered.com/news/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://sergei-esenin.com/apihfile.exe, 00000000.00000003.2085241301.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086073758.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmptrueunknown
                        http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://store.steampowered.com/stats/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://medal.tvfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://login.steampowered.com/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/legal/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://sergei-esenin.com/api?efile.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmptrue
                          		unknown
                          https://sergei-esenin.com/api$file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmptrueunknown
                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://recaptcha.netfile.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://store.steampowered.com/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://127.0.0.1:27060file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://help.steampowered.com/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://api.steampowered.com/file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://steamcommunity.com/file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            104.102.49.254
                            		steamcommunity.comUnited States
                            		16625AKAMAI-ASUSfalse
                            172.67.206.204
                            		sergei-esenin.comUnited States
                            		13335CLOUDFLARENETUStrue

                            General Information

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1528660
                            Start date and time:2024-10-08 08:21:10 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 2m 46s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:2
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.evad.winEXE@1/0@10/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Stop behavior analysis, all processes terminated

                            Warnings

                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            02:22:02API Interceptor3x Sleep call for process: file.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                            • www.valvesoftware.com/legal.htm
                            172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                              lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                  SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                    file.exeGet hashmaliciousLummaCBrowse
                                      file.exeGet hashmaliciousLummaCBrowse
                                        file.exeGet hashmaliciousLummaCBrowse
                                          SecuriteInfo.com.Win32.Evo-gen.11282.4102.exeGet hashmaliciousLummaCBrowse
                                            9Y6R8fs0wd.exeGet hashmaliciousLummaCBrowse
                                              file.exeGet hashmaliciousLummaCBrowse

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                • 104.21.53.8
                                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                SecuriteInfo.com.Trojan.DownLoader47.43340.9153.30810.exeGet hashmaliciousLummaCBrowse
                                                • 104.21.53.8
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                SecuriteInfo.com.Win32.Evo-gen.11282.4102.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                7AeSqNv1rC.exeGet hashmaliciousMicroClip, VidarBrowse
                                                • 104.102.49.254
                                                VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                • 23.197.127.21
                                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                CLOUDFLARENETUShttps://www.anwaltssocietaet.at/#Get hashmaliciousUnknownBrowse
                                                • 172.64.149.23
                                                SPARES REQUISITION.XLSX.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                • 104.26.12.205
                                                https://docs.google.com/drawings/u/0/d/1upFXiljnDLvdOIt1Aoe3r44ZCVNRtnjt0CV6fZcs1no/preview?usp=sharing&pli=1Get hashmaliciousHTMLPhisherBrowse
                                                • 104.17.25.14
                                                CMB FLORIS DETAILS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                • 172.67.74.152
                                                SUN ACE TBN VESSEL DETAILS.doc.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                • 104.26.13.205
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                • 172.67.206.204
                                                Products Order Catalogs20242.exeGet hashmaliciousFormBookBrowse
                                                • 104.21.48.76
                                                SteamCleanz Marlborough Limited.xlsxGet hashmaliciousUnknownBrowse
                                                • 188.114.97.3
                                                SteamCleanz Marlborough Limited.xlsxGet hashmaliciousUnknownBrowse
                                                • 188.114.96.3
                                                AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                7AeSqNv1rC.exeGet hashmaliciousMicroClip, VidarBrowse
                                                • 104.102.49.254
                                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                T2bmenoX1o.exeGet hashmaliciousLummaC, VidarBrowse
                                                • 104.102.49.254

                                                JA3 Fingerprints

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                SteamCleanz Marlborough Limited.xlsxGet hashmaliciousUnknownBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                file.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204
                                                ctMI3TYXpX.exeGet hashmaliciousSmokeLoaderBrowse
                                                • 104.102.49.254
                                                • 172.67.206.204

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                No created / dropped files found

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):7.94857308212571
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:file.exe
                                                File size:1'850'368 bytes
                                                MD5:cc9f4d3852fc71589b37a660197d11d5
                                                SHA1:59e8dceb4013812a86eb0bcdc93a047d3625190b
                                                SHA256:4959ea9b83eb93d47393542fa6bef79b7d81dd272ceb9310f1c6f3e152a06c42
                                                SHA512:49a822292871e7bba80e90e9749a0d8190a9530e8bfdb8ef6ac9574f710cd61e4734ea02b1e8a2518d88f424dba78595fe59a107d304902ee03b151bacffa07c
                                                SSDEEP:49152:rm9SbVYOjjG46Z+nmwsXHJzojK96aHrmcwHaz:rGS7a4Hmvtoj2XLmcg
                                                TLSH:718533146B2E6BABD3D8DC76CB3F87956B14EA80901B10CD16DC4568BC7492FBCBC426
                                                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................@J...........@..........................pJ.....}.....@.................................W...k..

                                                File Icon

                                                Icon Hash:00928e8e8686b000

                                                Static PE Info

                                                General

                                                Entrypoint:0x8a4000
                                                Entrypoint Section:.taggant
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:6
                                                OS Version Minor:0
                                                File Version Major:6
                                                File Version Minor:0
                                                Subsystem Version Major:6
                                                Subsystem Version Minor:0
                                                Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                Entrypoint Preview

                                                Instruction
                                                jmp 00007FF518D5876Ah
                                                hint_nop dword ptr [eax+eax]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                jmp 00007FF518D5A765h
                                                add byte ptr [ecx], al
                                                or al, byte ptr [eax]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], dh
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [ecx], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [ecx], cl
                                                add byte ptr [eax], 00000000h
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                adc byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add dword ptr [edx], ecx
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                xor byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], 00000000h
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [edi], al
                                                add byte ptr [eax], 00000000h
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                adc byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add dword ptr [edx], ecx
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                adc byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                or ecx, dword ptr [edx]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                or byte ptr [eax+00000000h], al
                                                add byte ptr [eax], al
                                                adc byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add dword ptr [edx], ecx
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                xor byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                0x10000x5d0000x25e00f4580cdfc9dd05512a62d4b566a1bd0eFalse0.9994134179042904data7.9737388508474325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                0x600000x2a80000x20087633142aafb51adda2ddeea2866592funknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                ailacznz0x3080000x19b0000x19a400b817cc90561b52b36749341af3bee44aFalse0.9945220854280926data7.953996751177959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                ftzdjqez0x4a30000x10000x4000d4506fc1f7910325ea850c92a2a2c5eFalse0.806640625data6.267875366840658IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .taggant0x4a40000x30000x2200e28f3f30d0b032904833d81a9446c63aFalse0.062270220588235295DOS executable (COM)0.7963081317323046IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                Imports

                                                DLLImport
                                                kernel32.dlllstrcpy

                                                Network Behavior

                                                Suricata IDS Alerts

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2024-10-08T08:22:03.539214+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.5607331.1.1.153UDP
                                                2024-10-08T08:22:03.552608+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.5566481.1.1.153UDP
                                                2024-10-08T08:22:03.563007+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.5607531.1.1.153UDP
                                                2024-10-08T08:22:03.574274+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.5651081.1.1.153UDP
                                                2024-10-08T08:22:03.585263+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.5598831.1.1.153UDP
                                                2024-10-08T08:22:03.614184+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.5532261.1.1.153UDP
                                                2024-10-08T08:22:03.625128+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.5647371.1.1.153UDP
                                                2024-10-08T08:22:03.635424+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.5639831.1.1.153UDP
                                                2024-10-08T08:22:06.053296+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.549705172.67.206.204443TCP
                                                2024-10-08T08:22:06.053296+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549705172.67.206.204443TCP

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 8, 2024 08:22:03.660012960 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:03.660037994 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:03.660140038 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:03.661271095 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:03.661287069 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.330959082 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.331043005 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.347522020 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.347538948 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.348455906 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.389692068 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.535301924 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.575406075 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973304987 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973366022 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973407984 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973419905 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.973427057 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973454952 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973491907 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.973501921 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:04.973527908 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:04.973558903 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.077775955 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.077840090 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.077908993 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.077928066 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.077958107 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.078821898 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.083060980 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.083268881 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.083291054 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.083408117 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.083921909 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.083921909 CEST49704443192.168.2.5104.102.49.254
                                                Oct 8, 2024 08:22:05.083937883 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.083950043 CEST44349704104.102.49.254192.168.2.5
                                                Oct 8, 2024 08:22:05.164167881 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.164206982 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:05.164282084 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.164616108 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.164633989 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:05.627927065 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:05.628117085 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.630475044 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.630481958 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:05.630892992 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:05.632086992 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.632122993 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:05.632183075 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:06.053083897 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:06.053167105 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:06.053282976 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:06.054234028 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:06.054249048 CEST44349705172.67.206.204192.168.2.5
                                                Oct 8, 2024 08:22:06.054277897 CEST49705443192.168.2.5172.67.206.204
                                                Oct 8, 2024 08:22:06.054285049 CEST44349705172.67.206.204192.168.2.5

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 8, 2024 08:22:03.539213896 CEST6073353192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.548656940 CEST53607331.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.552608013 CEST5664853192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.560970068 CEST53566481.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.563007116 CEST6075353192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.572094917 CEST53607531.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.574274063 CEST6510853192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.582995892 CEST53651081.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.585263014 CEST5988353192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.611710072 CEST53598831.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.614183903 CEST5322653192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.622734070 CEST53532261.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.625128031 CEST6473753192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.633461952 CEST53647371.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.635423899 CEST6398353192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.644556999 CEST53639831.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:03.647949934 CEST5983053192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:03.654932022 CEST53598301.1.1.1192.168.2.5
                                                Oct 8, 2024 08:22:05.127933979 CEST5849653192.168.2.51.1.1.1
                                                Oct 8, 2024 08:22:05.162854910 CEST53584961.1.1.1192.168.2.5

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Oct 8, 2024 08:22:03.539213896 CEST192.168.2.51.1.1.10xe969Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.552608013 CEST192.168.2.51.1.1.10xafe1Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.563007116 CEST192.168.2.51.1.1.10xeaafStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.574274063 CEST192.168.2.51.1.1.10x96a4Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.585263014 CEST192.168.2.51.1.1.10x6668Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.614183903 CEST192.168.2.51.1.1.10xabe6Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.625128031 CEST192.168.2.51.1.1.10xd1c7Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.635423899 CEST192.168.2.51.1.1.10x4ed4Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.647949934 CEST192.168.2.51.1.1.10xb9a2Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:05.127933979 CEST192.168.2.51.1.1.10x18fbStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Oct 8, 2024 08:22:03.548656940 CEST1.1.1.1192.168.2.50xe969Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.560970068 CEST1.1.1.1192.168.2.50xafe1Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.572094917 CEST1.1.1.1192.168.2.50xeaafName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.582995892 CEST1.1.1.1192.168.2.50x96a4Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.611710072 CEST1.1.1.1192.168.2.50x6668Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.622734070 CEST1.1.1.1192.168.2.50xabe6Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.633461952 CEST1.1.1.1192.168.2.50xd1c7Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.644556999 CEST1.1.1.1192.168.2.50x4ed4Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:03.654932022 CEST1.1.1.1192.168.2.50xb9a2No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:05.162854910 CEST1.1.1.1192.168.2.50x18fbNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                Oct 8, 2024 08:22:05.162854910 CEST1.1.1.1192.168.2.50x18fbNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • steamcommunity.com
                                                • sergei-esenin.com

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.549704104.102.49.2544433208C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-10-08 06:22:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                Connection: Keep-Alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Host: steamcommunity.com
                                                2024-10-08 06:22:04 UTC1870INHTTP/1.1 200 OK
                                                Server: nginx
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                Cache-Control: no-cache
                                                Date: Tue, 08 Oct 2024 06:22:04 GMT
                                                Content-Length: 34837
                                                Connection: close
                                                Set-Cookie: sessionid=cd3472c77f17062a12faec21; Path=/; Secure; SameSite=None
                                                Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                2024-10-08 06:22:04 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                2024-10-08 06:22:05 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                2024-10-08 06:22:05 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                2024-10-08 06:22:05 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.549705172.67.206.2044433208C:\Users\user\Desktop\file.exe
                                                TimestampBytes transferredDirectionData
                                                2024-10-08 06:22:05 UTC264OUTPOST /api HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                Content-Length: 8
                                                Host: sergei-esenin.com
                                                2024-10-08 06:22:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                Data Ascii: act=life
                                                2024-10-08 06:22:06 UTC831INHTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 06:22:06 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Set-Cookie: PHPSESSID=t8abmuchmjimk9he913n447sc5; expires=Sat, 01 Feb 2025 00:08:44 GMT; Max-Age=9999999; path=/
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                cf-cache-status: DYNAMIC
                                                vary: accept-encoding
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IR6UT%2BAHlQadn6FFPfyP5spQ1Mh2BoZRmBRGnD%2BJOr6TvB%2FTcPHVBhsezNhn25qYkjdQp925MKaGgXm4xASOCxuXc6i%2FS3v3BlW60rxJrsMqgU%2FKs6C1epeoO5IVI7HzJ6BVHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8cf408d59c3641af-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-10-08 06:22:06 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                Data Ascii: aerror #D12
                                                2024-10-08 06:22:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:02:22:01
                                                Start date:08/10/2024
                                                Path:C:\Users\user\Desktop\file.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                Imagebase:0x780000
                                                File size:1'850'368 bytes
                                                MD5 hash:CC9F4D3852FC71589B37A660197D11D5
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:0.9%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:71.4%
                                                  Total number of Nodes:42
                                                  Total number of Limit Nodes:5
                                                  execution_graph 21172 7bd9cb 21173 7bd9fb 21172->21173 21174 7bda65 21173->21174 21176 7c5bb0 LdrInitializeThunk 21173->21176 21176->21173 21116 79049b 21118 790227 21116->21118 21117 790455 21120 7c5700 2 API calls 21117->21120 21118->21117 21121 790308 21118->21121 21122 7c5700 21118->21122 21120->21121 21123 7c571b 21122->21123 21124 7c5797 21122->21124 21126 7c578c 21122->21126 21128 7c5729 21122->21128 21123->21124 21123->21126 21123->21128 21129 7c3220 21124->21129 21126->21117 21127 7c5776 RtlReAllocateHeap 21127->21126 21128->21127 21130 7c32ac 21129->21130 21131 7c3236 21129->21131 21132 7c32a2 RtlFreeHeap 21129->21132 21130->21126 21131->21132 21132->21130 21133 7c64b8 21135 7c63f2 21133->21135 21134 7c646e 21135->21134 21137 7c5bb0 LdrInitializeThunk 21135->21137 21137->21134 21143 78d110 21145 78d119 21143->21145 21144 78d2ee ExitProcess 21145->21144 21146 78d2e9 21145->21146 21149 790b40 FreeLibrary 21145->21149 21150 7c56e0 FreeLibrary 21146->21150 21149->21146 21150->21144 21156 7c99d0 21158 7c99f5 21156->21158 21157 7c9b0e 21160 7c9a5f 21158->21160 21162 7c5bb0 LdrInitializeThunk 21158->21162 21160->21157 21163 7c5bb0 LdrInitializeThunk 21160->21163 21162->21160 21163->21157 21164 78edb5 21165 78edd0 21164->21165 21165->21165 21168 78fca0 21165->21168 21171 78fcdc 21168->21171 21169 78ef70 21170 7c3220 RtlFreeHeap 21170->21169 21171->21169 21171->21170 21177 7c3202 RtlAllocateHeap

                                                  Executed Functions

                                                  Function 0078FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 25 78fca0-78fcda 26 78fd0b-78fe22 25->26 27 78fcdc-78fcdf 25->27 29 78fe5b-78fe8c 26->29 30 78fe24 26->30 28 78fce0-78fd09 call 792690 27->28 28->26 33 78fe8e-78fe8f 29->33 34 78feb6-78fec5 call 790b50 29->34 32 78fe30-78fe59 call 792760 30->32 32->29 38 78fe90-78feb4 call 792700 33->38 39 78feca-78fecf 34->39 38->34 43 78ffe4-78ffe6 39->43 44 78fed5-78fef8 39->44 47 7901b1-7901bb 43->47 45 78fefa 44->45 46 78ff2b-78ff2d 44->46 48 78ff00-78ff29 call 7927e0 45->48 49 78ff30-78ff3a 46->49 48->46 51 78ff3c-78ff3f 49->51 52 78ff41-78ff49 49->52 51->49 51->52 54 78ff4f-78ff76 52->54 55 7901a2-7901ad call 7c3220 52->55 57 78ff78 54->57 58 78ffab-78ffb5 54->58 55->47 62 78ff80-78ffa9 call 792840 57->62 59 78ffeb 58->59 60 78ffb7-78ffbb 58->60 65 78ffed-78ffef 59->65 64 78ffc7-78ffcb 60->64 62->58 67 79019a 64->67 68 78ffd1-78ffd8 64->68 65->67 69 78fff5-79002c 65->69 67->55 70 78ffda-78ffdc 68->70 71 78ffde 68->71 72 79005b-790065 69->72 73 79002e-79002f 69->73 70->71 76 78ffc0-78ffc5 71->76 77 78ffe0-78ffe2 71->77 74 7900a4 72->74 75 790067-79006f 72->75 78 790030-790059 call 7928a0 73->78 81 7900a6-7900a8 74->81 80 790087-79008b 75->80 76->64 76->65 77->76 78->72 80->67 83 790091-790098 80->83 81->67 84 7900ae-7900c5 81->84 85 79009a-79009c 83->85 86 79009e 83->86 87 7900fb-790102 84->87 88 7900c7 84->88 85->86 91 790080-790085 86->91 92 7900a0-7900a2 86->92 89 790130-79013c 87->89 90 790104-79010d 87->90 93 7900d0-7900f9 call 792900 88->93 95 7901c2-7901c7 89->95 94 790117-79011b 90->94 91->80 91->81 92->91 93->87 94->67 98 79011d-790124 94->98 95->55 99 79012a 98->99 100 790126-790128 98->100 101 79012c-79012e 99->101 102 790110-790115 99->102 100->99 101->102 102->94 103 790141-790143 102->103 103->67 104 790145-79015b 103->104 104->95 105 79015d-79015f 104->105 106 790163-790166 105->106 107 790168-790188 call 792030 106->107 108 7901bc 106->108 111 79018a-790190 107->111 112 790192-790198 107->112 108->95 111->106 111->112 112->95
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: J|BJ$V$VY^_$t
                                                  • API String ID: 0-3701112211
                                                  • Opcode ID: beaabe34ed3517846ea2aa46600787e78cf78a0a743449ae77fbaa16b1e90c1e
                                                  • Instruction ID: 41ffa475ad35e1cce501f017f0e5218e2f70d55f0be0ba43bfc033ff4972bfd6
                                                  • Opcode Fuzzy Hash: beaabe34ed3517846ea2aa46600787e78cf78a0a743449ae77fbaa16b1e90c1e
                                                  • Instruction Fuzzy Hash: DDD1777455C3909FD710EF18E494A1FBBE2AB92B44F14882CF5C99B252D33ACD09DB92
                                                  Function 0078D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 149 78d110-78d11b call 7c4cc0 152 78d2ee-78d2f6 ExitProcess 149->152 153 78d121-78d130 call 7bc8d0 149->153 157 78d2e9 call 7c56e0 153->157 158 78d136-78d15f 153->158 157->152 162 78d161 158->162 163 78d196-78d1bf 158->163 164 78d170-78d194 call 78d300 162->164 165 78d1c1 163->165 166 78d1f6-78d20c 163->166 164->163 170 78d1d0-78d1f4 call 78d370 165->170 167 78d239-78d23b 166->167 168 78d20e-78d20f 166->168 172 78d23d-78d25a 167->172 173 78d286-78d2aa 167->173 171 78d210-78d237 call 78d3e0 168->171 170->166 171->167 172->173 177 78d25c-78d25f 172->177 178 78d2ac-78d2af 173->178 179 78d2d6 call 78e8f0 173->179 183 78d260-78d284 call 78d440 177->183 184 78d2b0-78d2d4 call 78d490 178->184 185 78d2db-78d2dd 179->185 183->173 184->179 185->157 188 78d2df-78d2e4 call 792f10 call 790b40 185->188 188->157
                                                  APIs
                                                  • ExitProcess.KERNEL32(00000000), ref: 0078D2F1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 5179b2e5c51bc2149b8cc7fc250fd013f21762188492b4146fa97490fbfc01dd
                                                  • Instruction ID: bc902e13c75cc5bc1556890c64dd810b201374330f1c6ed086f105693d1b9008
                                                  • Opcode Fuzzy Hash: 5179b2e5c51bc2149b8cc7fc250fd013f21762188492b4146fa97490fbfc01dd
                                                  • Instruction Fuzzy Hash: 6741447094D380ABC721BB68D598A2EFBF5AF56704F148C1CE5C497292D33ADC109B67
                                                  Function 007C5700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 194 7c5700-7c5714 195 7c578c-7c5795 call 7c31a0 194->195 196 7c5729-7c574a 194->196 197 7c571b-7c5722 194->197 198 7c5797-7c57a5 call 7c3220 194->198 199 7c57b0 194->199 200 7c57b2 194->200 203 7c57b4-7c57b9 195->203 204 7c574c-7c574f 196->204 205 7c5776-7c578a RtlReAllocateHeap 196->205 197->196 197->198 197->199 197->200 198->199 199->200 200->203 208 7c5750-7c5774 call 7c5b30 204->208 205->203 208->205
                                                  APIs
                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 007C5784
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 6511010add68b95dcf63c60f15551dab27e41205c4c61ef5483057744305694e
                                                  • Instruction ID: c7b438d16ce4566b07893c70f764c256d469cd3c43eff25c1cc7a718c051106d
                                                  • Opcode Fuzzy Hash: 6511010add68b95dcf63c60f15551dab27e41205c4c61ef5483057744305694e
                                                  • Instruction Fuzzy Hash: DA119E7591D640EBC301AF28E844E1BBBF5AF96710F05882CE8C49B211D33AE850CB97
                                                  Function 007C5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 221 7c5bb0-7c5be2 LdrInitializeThunk
                                                  APIs
                                                  • LdrInitializeThunk.NTDLL(007C973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 007C5BDE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                  • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                  • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                  • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                  Function 007C695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 250 7c695b-7c696b call 7c4a20 253 7c696d 250->253 254 7c6981-7c6a02 250->254 255 7c6970-7c697f 253->255 256 7c6a04 254->256 257 7c6a36-7c6a42 254->257 255->254 255->255 258 7c6a10-7c6a34 call 7c73e0 256->258 259 7c6a44-7c6a4f 257->259 260 7c6a85-7c6a9f 257->260 258->257 262 7c6a50-7c6a57 259->262 264 7c6a59-7c6a5c 262->264 265 7c6a60-7c6a66 262->265 264->262 266 7c6a5e 264->266 265->260 267 7c6a68-7c6a7d call 7c5bb0 265->267 266->260 269 7c6a82 267->269 269->260
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: a982e2e39fa0476f489121be6aaf68d2d33bab855c336e597e4ced6416d60926
                                                  • Instruction ID: 08dbfee099a25ab476f308b9cb3afa5fabfb48306d55618f26d42e55b8e1e732
                                                  • Opcode Fuzzy Hash: a982e2e39fa0476f489121be6aaf68d2d33bab855c336e597e4ced6416d60926
                                                  • Instruction Fuzzy Hash: 0231A8B05083018FD718DF14C8A0B2EB7F1EF88348F18982DE5C6A72A1E7389904CB5A
                                                  Function 0079049B Relevance: .3, Instructions: 264COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 270 79049b-790515 call 78c9f0 274 790339-79034f 270->274 275 79045b-790469 call 7c5700 270->275 276 7903fb-790414 270->276 277 79051c-79051e 270->277 278 79035f-790367 270->278 279 7903be 270->279 280 7903de-7903e3 270->280 281 790311-790332 270->281 282 790370-79037e 270->282 283 7903d0-7903d7 270->283 284 790393-790397 270->284 285 790472-790477 270->285 286 790417-790430 270->286 287 790356 270->287 288 790308-79030c 270->288 289 7903ec-7903f4 270->289 290 790440-790458 call 7c5700 270->290 291 790480 270->291 292 790242-790244 270->292 293 790482-790484 270->293 294 790227-79023b 270->294 295 790246-790260 270->295 296 790386-79038c 270->296 274->275 274->276 274->278 274->279 274->280 274->282 274->283 274->284 274->285 274->286 274->287 274->289 274->290 274->291 274->293 274->296 275->285 276->286 300 790520-790b30 277->300 278->282 279->283 280->289 281->274 281->275 281->276 281->278 281->279 281->280 281->282 281->283 281->284 281->285 281->286 281->287 281->289 281->290 281->291 281->293 281->296 282->296 283->276 283->280 283->284 283->285 283->286 283->289 283->291 283->293 283->296 304 7903a0-7903b7 284->304 285->291 286->290 287->278 302 79048d-790496 288->302 289->276 289->284 289->285 289->291 289->293 290->275 297 790296-7902bd 292->297 293->302 294->274 294->275 294->276 294->278 294->279 294->280 294->281 294->282 294->283 294->284 294->285 294->286 294->287 294->288 294->289 294->290 294->291 294->292 294->293 294->295 294->296 298 790262 295->298 299 790294 295->299 296->284 296->285 296->291 296->293 306 7902ea-790301 297->306 307 7902bf 297->307 305 790270-790292 call 792eb0 298->305 299->297 302->300 304->275 304->276 304->279 304->280 304->283 304->284 304->285 304->286 304->289 304->290 304->291 304->293 304->296 305->299 306->274 306->275 306->276 306->278 306->279 306->280 306->281 306->282 306->283 306->284 306->285 306->286 306->287 306->288 306->289 306->290 306->291 306->293 306->296 317 7902c0-7902e8 call 792e70 307->317 317->306
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: edee592effedebd4b6f6855034543bcdab74270f21453c471c0ff3bd6df3e211
                                                  • Instruction ID: aab70776c58c452e8e948c25e28e4d45a8f918b9c8380d08b9323511093e3dbb
                                                  • Opcode Fuzzy Hash: edee592effedebd4b6f6855034543bcdab74270f21453c471c0ff3bd6df3e211
                                                  • Instruction Fuzzy Hash: 52919B75200B00CFD724CF25E894A27B7F6FF89310B158A6DE8568BAA1D739F855CB90
                                                  Function 00790228 Relevance: .2, Instructions: 218COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 324 790228-79023b 325 790339-79034f 324->325 326 79045b-790469 call 7c5700 324->326 327 7903fb-790414 324->327 328 79035f-790367 324->328 329 7903be 324->329 330 7903de-7903e3 324->330 331 790311-790332 324->331 332 790370-79037e 324->332 333 7903d0-7903d7 324->333 334 790393-790397 324->334 335 790472-790477 324->335 336 790417-790430 324->336 337 790356 324->337 338 790308-79030c 324->338 339 7903ec-7903f4 324->339 340 790440-790458 call 7c5700 324->340 341 790480 324->341 342 790242-790244 324->342 343 790482-790484 324->343 344 790246-790260 324->344 345 790386-79038c 324->345 325->326 325->327 325->328 325->329 325->330 325->332 325->333 325->334 325->335 325->336 325->337 325->339 325->340 325->341 325->343 325->345 326->335 327->336 328->332 329->333 330->339 331->325 331->326 331->327 331->328 331->329 331->330 331->332 331->333 331->334 331->335 331->336 331->337 331->339 331->340 331->341 331->343 331->345 332->345 333->327 333->330 333->334 333->335 333->336 333->339 333->341 333->343 333->345 352 7903a0-7903b7 334->352 335->341 336->340 337->328 350 79048d-790b30 338->350 339->327 339->334 339->335 339->341 339->343 340->326 346 790296-7902bd 342->346 343->350 347 790262 344->347 348 790294 344->348 345->334 345->335 345->341 345->343 354 7902ea-790301 346->354 355 7902bf 346->355 353 790270-790292 call 792eb0 347->353 348->346 352->326 352->327 352->329 352->330 352->333 352->334 352->335 352->336 352->339 352->340 352->341 352->343 352->345 353->348 354->325 354->326 354->327 354->328 354->329 354->330 354->331 354->332 354->333 354->334 354->335 354->336 354->337 354->338 354->339 354->340 354->341 354->343 354->345 364 7902c0-7902e8 call 792e70 355->364 364->354
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00202168df8bfa9c7d4bfc2f42a6b5e3ec7356acf3162ee0b81d0eb279aa751b
                                                  • Instruction ID: 2f4a7907fcf98126a5fb0bd7657a2a7bcec37a819f929b4c753a1db8eb8827f1
                                                  • Opcode Fuzzy Hash: 00202168df8bfa9c7d4bfc2f42a6b5e3ec7356acf3162ee0b81d0eb279aa751b
                                                  • Instruction Fuzzy Hash: 50716674201700DFDB248F25E898F26B7F6FF89710F10C96DE8968B662C739A855CB64
                                                  Function 007C99D0 Relevance: .1, Instructions: 143COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f0c1314428d86c6684680f0fffdae3e55ac0a7e8098aeddd0d757f6f694a30e
                                                  • Instruction ID: 412e2a4b2a259183bb067f1e48beb74a219cfc1e9709696cd4987ba1c040bdcd
                                                  • Opcode Fuzzy Hash: 9f0c1314428d86c6684680f0fffdae3e55ac0a7e8098aeddd0d757f6f694a30e
                                                  • Instruction Fuzzy Hash: C1419C74209340ABD7549E15E898F2FF7B6EB85724F24C82CF68A97251D339EC01CB66
                                                  Function 007C63B8 Relevance: .1, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 40502f95b461c91a5074d3f7bf683df18199921556b648aeb4ec7e628ef5075e
                                                  • Instruction ID: fc6c82a3445758743d023153de4fe71bbca14ba2e5467d3b87b5352b3e92961f
                                                  • Opcode Fuzzy Hash: 40502f95b461c91a5074d3f7bf683df18199921556b648aeb4ec7e628ef5075e
                                                  • Instruction Fuzzy Hash: 5631EE70209341BBDA28DB04CDC2F3AB7A2EB81B11F64890CF1815A2E1D378F9118B5A
                                                  Function 00790EEC Relevance: .1, Instructions: 72COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c42871d901d14492ffeb1e6747c8f6900321b90d9cb1c0ef5d3279c120d45e2
                                                  • Instruction ID: c3c66a969b8f9ee32e93c42690509752933fb9ed540aeaf048b80dc0c1c8e647
                                                  • Opcode Fuzzy Hash: 4c42871d901d14492ffeb1e6747c8f6900321b90d9cb1c0ef5d3279c120d45e2
                                                  • Instruction Fuzzy Hash: 8F212AB590021ADFDF15CF94DC90BBEBBB2FB46304F144809E811BB292C735A901CBA4
                                                  Function 007C3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 211 7c3220-7c322f 212 7c32ac-7c32b0 211->212 213 7c3236-7c3252 211->213 214 7c32a0 211->214 215 7c32a2-7c32a6 RtlFreeHeap 211->215 216 7c3254 213->216 217 7c3286-7c3296 213->217 214->215 215->212 218 7c3260-7c3284 call 7c5af0 216->218 217->214 218->217
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(?,00000000), ref: 007C32A6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 546e26fbad61879883dfbfe87c8c416df41f2d9d01073d6ba70d5e58a35be634
                                                  • Instruction ID: a03665966bc950cd9f892796007b84a1988ab32367b4b481ef0fa568b9d71bce
                                                  • Opcode Fuzzy Hash: 546e26fbad61879883dfbfe87c8c416df41f2d9d01073d6ba70d5e58a35be634
                                                  • Instruction Fuzzy Hash: 58014B3450D2409BC701AB18E949E1ABBF8EF4A700F05891DE5C58B361D239DD60CB96
                                                  Function 007C3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 222 7c3202-7c3211 RtlAllocateHeap
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,00000000), ref: 007C3208
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: b22a362ab401f9100ca82c71655574d85df8c9754342df10a565902f20f0faf6
                                                  • Instruction ID: f2559bce5dfb014ccc11acbe5d25da7f85a8b9860e7810361a68090052bfa6f1
                                                  • Opcode Fuzzy Hash: b22a362ab401f9100ca82c71655574d85df8c9754342df10a565902f20f0faf6
                                                  • Instruction Fuzzy Hash: 16B012300400005FDA141B00EC0AF003620EB00705F800090A100040B1D1A55C64C558

                                                  Non-executed Functions

                                                  Function 0079DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                  • API String ID: 2994545307-1418943773
                                                  • Opcode ID: b4ea42769225f79d7a3550384201b19422f97a62dff9c9f7b41ed624702acfb7
                                                  • Instruction ID: ac6d902ebba6111aba16148f55003b58622d60cf3c0c747022acec1e95aa710b
                                                  • Opcode Fuzzy Hash: b4ea42769225f79d7a3550384201b19422f97a62dff9c9f7b41ed624702acfb7
                                                  • Instruction Fuzzy Hash: 46F279B05093819FDB70CF14D884BABBBE6BFD5304F14482DE4C98B252E7399995CB92
                                                  Function 007B23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                  • API String ID: 0-786070067
                                                  • Opcode ID: 184d160bf77f0afb8c2a72d4957dab45cbbaa482c9fce1d6d69064547ea250ac
                                                  • Instruction ID: 84e2a5b0cdd4dce0d7ae69335390af7fbae1b6dd783e265adebc6f0e356035e8
                                                  • Opcode Fuzzy Hash: 184d160bf77f0afb8c2a72d4957dab45cbbaa482c9fce1d6d69064547ea250ac
                                                  • Instruction Fuzzy Hash: 0633AB70505B81CFD7258F38C590BA2BBF1BF16304F58899DE4DA8B692C739E906CB61
                                                  Function 007A9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                  • API String ID: 0-1131134755
                                                  • Opcode ID: f11128b64845fb3dcb6aeaad55be452cb3ee8383b57d551f86e27dce8108d726
                                                  • Instruction ID: 917616db8141c9af20baa89f096144bd1631dfe97ecfe33db60f4d46678e4b7d
                                                  • Opcode Fuzzy Hash: f11128b64845fb3dcb6aeaad55be452cb3ee8383b57d551f86e27dce8108d726
                                                  • Instruction Fuzzy Hash: E952C5B410D385CAE271CF25D581B8EBAF1BB92740F608A1DE1ED9B255DBB48049CF93
                                                  Function 007A9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                  • API String ID: 0-655414846
                                                  • Opcode ID: 31629d754ecbae3c8f1656576730b87d6009062ecf10f51d4a6145adb5401fe6
                                                  • Instruction ID: ddfa11eb7922a871244ed7c3e4ff17caf8e82180ff237e32ec35681befb37309
                                                  • Opcode Fuzzy Hash: 31629d754ecbae3c8f1656576730b87d6009062ecf10f51d4a6145adb5401fe6
                                                  • Instruction Fuzzy Hash: 80F12EB4508380ABD310DF15D885A2BBBF4FB86B48F144E1CF5D59B252E378D918CBA6
                                                  Function 007ADD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: z$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rz$upH}${E$z
                                                  • API String ID: 0-2061800550
                                                  • Opcode ID: bdaa0532600db7c5edb4e1a991541533cb3547f9f7b6c75e8631db0061bfea5c
                                                  • Instruction ID: 3738fcf6eb81228abccb748b22db57d1182298faa8b85a1dcea6bf5af57eee35
                                                  • Opcode Fuzzy Hash: bdaa0532600db7c5edb4e1a991541533cb3547f9f7b6c75e8631db0061bfea5c
                                                  • Instruction Fuzzy Hash: 57921971E01205CFDB14CF68D8517AEBBB2FF8A320F698269E455AB391D7399D01CB90
                                                  Function 00958827 Relevance: 11.6, Strings: 8, Instructions: 1584COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 'Ho$-':g$.#^~$AnK$[F{]$]+7$l.hf$-r
                                                  • API String ID: 0-1553286230
                                                  • Opcode ID: 7a90c6fb2d11d33499f7a22155c66dd7159057c33daf810af621d67667de1424
                                                  • Instruction ID: 0668c55879b0d5eec107b47c71195201e03abbcd8cf5590d8009e1cc847313e0
                                                  • Opcode Fuzzy Hash: 7a90c6fb2d11d33499f7a22155c66dd7159057c33daf810af621d67667de1424
                                                  • Instruction Fuzzy Hash: EEB2F4F3A082049FE304AE2DEC8577ABBE5EF94720F1A493DEAC4C7744E63558058697
                                                  Function 007A098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                  • API String ID: 0-4102007303
                                                  • Opcode ID: c0384ef7fe88e713099dc00f7b33a234a55a01702f87fa659818906f8043d8f1
                                                  • Instruction ID: 3b3b606f6311cc63231dc93d2d357c596883f09c0b62934e3c53025bab596d8e
                                                  • Opcode Fuzzy Hash: c0384ef7fe88e713099dc00f7b33a234a55a01702f87fa659818906f8043d8f1
                                                  • Instruction Fuzzy Hash: 9A628AB5608381CBD730DF14D895BABB7E1FB96314F048E1DE49A8B641E3799940CB93
                                                  Function 00781000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                  • API String ID: 0-2517803157
                                                  • Opcode ID: b5c87f91f000a221a6419a2372ac5e1fbd93be4e1012b8a91811a49e52096c09
                                                  • Instruction ID: aab2dc285048b98b1c9726e0aae8dfcfc47810aa579c97b941d0c93efb2170d7
                                                  • Opcode Fuzzy Hash: b5c87f91f000a221a6419a2372ac5e1fbd93be4e1012b8a91811a49e52096c09
                                                  • Instruction Fuzzy Hash: C6D206716487418FD718DE28C89436ABBE2AFD5314F18CA2DE499C7392D738DD46CB82
                                                  Function 00956CAB Relevance: 7.9, Strings: 5, Instructions: 1681COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #=;$?N=$N0"$^6W$sd?{
                                                  • API String ID: 0-1423738112
                                                  • Opcode ID: e9274dc81da7cdfc2013522b3f3d0186f956249beabcbd438161932e38358de4
                                                  • Instruction ID: acea12aa3a4cbb7891d522f68e051d657699c74b55602246f5b5ca12f84891c2
                                                  • Opcode Fuzzy Hash: e9274dc81da7cdfc2013522b3f3d0186f956249beabcbd438161932e38358de4
                                                  • Instruction Fuzzy Hash: D2B2D5F360C2049FE3086E29EC8567ABBE9EFD4720F16893DE6C5C3744EA3558058697
                                                  Function 0094CB5C Relevance: 7.9, Strings: 5, Instructions: 1637COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 5j$9j$<[n$E no$p,
                                                  • API String ID: 0-1199918145
                                                  • Opcode ID: b35b60aa342c2516cd59c022219691a937291fdc42822991a50aa705debb5a1a
                                                  • Instruction ID: cb90dfbbd1c5933c4693f07ccb7e2ca3c45fb5ce3858d23283788e25fa4d0f04
                                                  • Opcode Fuzzy Hash: b35b60aa342c2516cd59c022219691a937291fdc42822991a50aa705debb5a1a
                                                  • Instruction Fuzzy Hash: ABB22BF3A0C2049FE3047E2DEC8567AFBE9EF94320F1A463DEAC593744E93558058696
                                                  Function 0094B200 Relevance: 7.8, Strings: 5, Instructions: 1559COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: &b/$&_s$Q8^_$t{zK$'?
                                                  • API String ID: 0-178144388
                                                  • Opcode ID: b2ef54f8036cb6baa4d1b92f650cdb4514f811ba68f01d706728f4b31ccfee88
                                                  • Instruction ID: 0e867a6e81b089de13fcf89137b012808361bcfe0b9adafe635815824315be0a
                                                  • Opcode Fuzzy Hash: b2ef54f8036cb6baa4d1b92f650cdb4514f811ba68f01d706728f4b31ccfee88
                                                  • Instruction Fuzzy Hash: 9AB2F5F360C2049FE304AE29EC8577AB7E9EF94720F1A892DE6C4C7744E63598418797
                                                  Function 007812F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$0$0$@$i
                                                  • API String ID: 0-3124195287
                                                  • Opcode ID: 34b17bf47831ce95ea237cf2007133f5fe7ab0dbdbc7e15359343333278d05fa
                                                  • Instruction ID: 921fcc1e8450c5bb5c623e5a4dc3dfc252b7908a06d407ab1b7f53362f00d384
                                                  • Opcode Fuzzy Hash: 34b17bf47831ce95ea237cf2007133f5fe7ab0dbdbc7e15359343333278d05fa
                                                  • Instruction Fuzzy Hash: 0362F47164C3818FC318EF28C49476ABBE1AFD5304F188E6DE8D997292D778D946CB42
                                                  Function 0078164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                  • API String ID: 0-1123320326
                                                  • Opcode ID: c5c4d2fb29a1173769a59204279ac2013f626699713578021ebbfc1cec3fb645
                                                  • Instruction ID: 63a68a9debdc564c2c84ce1ec0ec61c5f713cc10f8b1eb36d836f765d8cd96f2
                                                  • Opcode Fuzzy Hash: c5c4d2fb29a1173769a59204279ac2013f626699713578021ebbfc1cec3fb645
                                                  • Instruction Fuzzy Hash: 99F1B03060D3818FC715DE28C49426AFFE2AFD9305F188A6DE4D987352D738D946CB92
                                                  Function 007813A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                  • API String ID: 0-3620105454
                                                  • Opcode ID: 74142d9ebe0202334edde2d0422dd7ec882c7787bf82f6a5c271c0db850080f5
                                                  • Instruction ID: b7aefe017b609a415a1b93ad49f4c6f4d5c963bc91b6c29cd8fbb0c11b8efcc1
                                                  • Opcode Fuzzy Hash: 74142d9ebe0202334edde2d0422dd7ec882c7787bf82f6a5c271c0db850080f5
                                                  • Instruction Fuzzy Hash: 35D1AF7160D7818FC719DE29C48426AFFE2AFD9304F08CA6DE4D987352D638D94ACB52
                                                  Function 007AFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :$NA_I$m1s3$uvw
                                                  • API String ID: 0-3973114637
                                                  • Opcode ID: 73ddf28b1d0ed3f826de0e6308b223388f7887ef414240d76f6670090ad3c747
                                                  • Instruction ID: 198e9b314764b69674a01227c729463e0c9f82a999a6bc28db8383c73ccf88d7
                                                  • Opcode Fuzzy Hash: 73ddf28b1d0ed3f826de0e6308b223388f7887ef414240d76f6670090ad3c747
                                                  • Instruction Fuzzy Hash: 2A32AAB0509380DFD311DF28D884B6BBBF1AB8A310F548A5CF5D58B292D339D905CBA6
                                                  Function 009444AC Relevance: 5.4, Strings: 3, Instructions: 1691COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 7u{w$BYYO$o
                                                  • API String ID: 0-3597269606
                                                  • Opcode ID: f7aec3057d0f1a201d34604aeb2c67a34759b86243684775db01235420fdcb87
                                                  • Instruction ID: 1064b51a9efb4554317f45db31b9c3884ab2a8a97f2bbd37eaf07621ce633c37
                                                  • Opcode Fuzzy Hash: f7aec3057d0f1a201d34604aeb2c67a34759b86243684775db01235420fdcb87
                                                  • Instruction Fuzzy Hash: CFB208F390C2149FE304AE2DEC8567ABBE9EF94720F16853DEAC4C3744EA3558058697
                                                  Function 00793BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+($;z$p$ss
                                                  • API String ID: 0-2391135358
                                                  • Opcode ID: 34948a1cc32b09ddd9d0338057f86d92bf58e40a297cfe76434cc5515080e823
                                                  • Instruction ID: f51368ec9c9618de08fdca13c1b9e40c6a42653bf8df1e02b13168d6c1383060
                                                  • Opcode Fuzzy Hash: 34948a1cc32b09ddd9d0338057f86d92bf58e40a297cfe76434cc5515080e823
                                                  • Instruction Fuzzy Hash: B9026EB4810B00DFD760EF24D986B56BFF5FB05700F50895DE89A8B696E334E815CBA2
                                                  Function 007A2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a|$hu$lc$sj
                                                  • API String ID: 0-3748788050
                                                  • Opcode ID: 30d489551e65429318cc9216d720ea75d3f6d609ab4afa82ad33eab618ddca48
                                                  • Instruction ID: 4a2bd1057cf0dc2cadd23e80714ce0f3d968c6e987fa29101f824b5115f53656
                                                  • Opcode Fuzzy Hash: 30d489551e65429318cc9216d720ea75d3f6d609ab4afa82ad33eab618ddca48
                                                  • Instruction Fuzzy Hash: DBA19D70408341CBC720DF18C891A2BB7F0FF96754F548A4CE8D59B292E339D956CB96
                                                  Function 00951BCE Relevance: 5.4, Strings: 3, Instructions: 1613COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Am]$Hw~$c>
                                                  • API String ID: 0-2936317774
                                                  • Opcode ID: 7a5aca35c032102b065536e68758439f6ca59a573201ce8de9181937d7307095
                                                  • Instruction ID: 69564e40dca8f37113e2de62bd9a1111116a03fdfd3c23aefcb655efdb9dad07
                                                  • Opcode Fuzzy Hash: 7a5aca35c032102b065536e68758439f6ca59a573201ce8de9181937d7307095
                                                  • Instruction Fuzzy Hash: E6B2E5F390C2049FE704AE29EC8567AF7E5EF94720F1A453DEAC4C7744EA3598018697
                                                  Function 007AD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #'$CV$KV$T>
                                                  • API String ID: 0-95592268
                                                  • Opcode ID: dafdc526cd0460c676b83dc3cf7d6e8dfe37c8c894689a7a308b349cf577a3b9
                                                  • Instruction ID: d627fa9670dc5ec603319f47900cb8e5c2d1d761d6f388ba3f525212ba2c6bdc
                                                  • Opcode Fuzzy Hash: dafdc526cd0460c676b83dc3cf7d6e8dfe37c8c894689a7a308b349cf577a3b9
                                                  • Instruction Fuzzy Hash: DB8144B48017459FDB20DFA5D2851AFBFB1FF16300F604608E4866BA55D334AA55CFE2
                                                  Function 007AAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (g6e$,{*y$4c2a$lk
                                                  • API String ID: 0-1327526056
                                                  • Opcode ID: 7e67b8e712e47883e507b68232b8041b8a78677d644eef0daa4132b920ff1dd3
                                                  • Instruction ID: b88e56692c7106d403473d2efc6737d869d7b2d52f3536bc370c024332f1827a
                                                  • Opcode Fuzzy Hash: 7e67b8e712e47883e507b68232b8041b8a78677d644eef0daa4132b920ff1dd3
                                                  • Instruction Fuzzy Hash: 0541B5B4509381DBD7209F20D800BABB7F0FF86305F509A1EE5C897220EB39D904CB9A
                                                  Function 007AC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+($%*+($~/i!
                                                  • API String ID: 0-4033100838
                                                  • Opcode ID: 0d616b27e1892dc283407d08e6efca87798451dce38db2f667050f63a0851db6
                                                  • Instruction ID: 9d36018f32125bc12ea98c24393e2c0a67a4b16f0c8934514453839b15a9b83e
                                                  • Opcode Fuzzy Hash: 0d616b27e1892dc283407d08e6efca87798451dce38db2f667050f63a0851db6
                                                  • Instruction Fuzzy Hash: 36E188B5509340EFE3209F64D885B2BBBF5FB86340F54892DE6C987251DB39D814CB92
                                                  Function 00788590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )$)$IEND
                                                  • API String ID: 0-588110143
                                                  • Opcode ID: 425ea9bbaeda3fbb29a1133c98f55b5bf944074afab4146744960f6e09fa0a3c
                                                  • Instruction ID: 5792bb2c3d80cd40716c7d4d0aa00f4cf676c47fd16b4f0e64adb0d7068ce593
                                                  • Opcode Fuzzy Hash: 425ea9bbaeda3fbb29a1133c98f55b5bf944074afab4146744960f6e09fa0a3c
                                                  • Instruction Fuzzy Hash: D2E102B1A487019FD350EF28C88572ABBE0BB94314F54892DF59597382EB79E814CBD3
                                                  Function 007C4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+($f
                                                  • API String ID: 0-2038831151
                                                  • Opcode ID: 2fd2e5c182733eb6efa9de7362db76163b4f5dc57415a234c7c6d77f5103883c
                                                  • Instruction ID: 88d2d1dbc96bb9e9042f00858050de97693eb72a171741d1d0fa4859449f659a
                                                  • Opcode Fuzzy Hash: 2fd2e5c182733eb6efa9de7362db76163b4f5dc57415a234c7c6d77f5103883c
                                                  • Instruction Fuzzy Hash: 47128B716083419FC715CF18C8A0F2ABBF5FB89314F188A2DF8D59B291D739E9458B92
                                                  Function 007BF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: dg$hi
                                                  • API String ID: 0-2859417413
                                                  • Opcode ID: 3c3ba98e8d4fb6ae6a34d515557303b6f6fe52702d0bbad6dc28f1ced2ac0182
                                                  • Instruction ID: 87141f04bc1af3dd8c983cf42e8901270fd47c0d2eeea79403c673e5b7447b46
                                                  • Opcode Fuzzy Hash: 3c3ba98e8d4fb6ae6a34d515557303b6f6fe52702d0bbad6dc28f1ced2ac0182
                                                  • Instruction Fuzzy Hash: 5CF18471618341EFE304CF24D891B6ABBF6EB96744F148D2DF0858B2A2D738D946CB16
                                                  Function 007835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Inf$NaN
                                                  • API String ID: 0-3500518849
                                                  • Opcode ID: b5737e841bf7411a3e4b0078f8cdb8c506ca80c28c9ad6cba173ee66ad2de80d
                                                  • Instruction ID: 10d9ccc36a968f37e580bbd8c4c0e6e5e3d34b3679cd340d8b34b588b664f364
                                                  • Opcode Fuzzy Hash: b5737e841bf7411a3e4b0078f8cdb8c506ca80c28c9ad6cba173ee66ad2de80d
                                                  • Instruction Fuzzy Hash: B4D1D571B483119BC708DF2CC88061EB7E5FBC8B50F158A2DF99997390E679DD058B82
                                                  Function 008A0360 Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: rFj$M#g
                                                  • API String ID: 0-2380308834
                                                  • Opcode ID: af16c761c1e511fe46ccdfbc6cfd9ef7d868be525c223e9722442a208f22e316
                                                  • Instruction ID: 9dbc0c0d3258ee0096360731e0d1127a9fbd743f28a9c38ddc3bc907fe3f3d71
                                                  • Opcode Fuzzy Hash: af16c761c1e511fe46ccdfbc6cfd9ef7d868be525c223e9722442a208f22e316
                                                  • Instruction Fuzzy Hash: 23514CF3A092145FE70C6E39EC9537AB7D6DB84320F2A863DEAC5837C4ED3508058286
                                                  Function 0079FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BaBc$Ye[g
                                                  • API String ID: 0-286865133
                                                  • Opcode ID: d014b2728a3d74843b93261fe930b66c6df9229eb273ccfba5e130fe594bad72
                                                  • Instruction ID: 782b122cc13460ed2a13199cd55754e4aab9304c85ae6d4273e3c29df603c192
                                                  • Opcode Fuzzy Hash: d014b2728a3d74843b93261fe930b66c6df9229eb273ccfba5e130fe594bad72
                                                  • Instruction Fuzzy Hash: CC519BB16093818AD7319F14C885BABB7E0FFD6360F084E1DE49A8B651E3789940CB97
                                                  Function 00785160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %1.17g
                                                  • API String ID: 0-1551345525
                                                  • Opcode ID: abea22848bde280778d4cb5a85217399c6c2f518626306bf23dac8379a36bf84
                                                  • Instruction ID: b09f885cb7d2764aed6ab98cb60f4d3aecc83e22646c45516b2d0b6fdc16b348
                                                  • Opcode Fuzzy Hash: abea22848bde280778d4cb5a85217399c6c2f518626306bf23dac8379a36bf84
                                                  • Instruction Fuzzy Hash: CD22E4B6A48B42CBE715AE18D940726BBE3AFE0318F1DC56DD8598B341E779DC04C742
                                                  Function 007B12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "
                                                  • API String ID: 0-123907689
                                                  • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                  • Instruction ID: cef87c5f8ba9010ae8108c6dfdfe94577c8d7f3c9ec1317a326544ece59bf837
                                                  • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                  • Instruction Fuzzy Hash: BFF11771A083418FC725CE24C4A47ABBBE5AFC5354F98C56DE89987382DA38DD05C792
                                                  Function 007AAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: aaff10d9bdd9c52fb2478ed4a24c34e9227c74757d4a1510cbf4cb161bb555f1
                                                  • Instruction ID: 4e1ccd83baea426d9ea548fa3abae376e852a13abb2b46e1e74aea2079d223e3
                                                  • Opcode Fuzzy Hash: aaff10d9bdd9c52fb2478ed4a24c34e9227c74757d4a1510cbf4cb161bb555f1
                                                  • Instruction Fuzzy Hash: B0E1A971508306DBC714EF28C89056AB7F2FFDA791F548A1CE4C587222E339E959CB82
                                                  Function 00796EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: 6d88c6788a193c23b92fd1d03fd48fdce86c44dff0feb541edd2cca146725a87
                                                  • Instruction ID: de8b1b2b36e79f5defb45b1629cc91002694a11a8367902ee3f9091c7327f30a
                                                  • Opcode Fuzzy Hash: 6d88c6788a193c23b92fd1d03fd48fdce86c44dff0feb541edd2cca146725a87
                                                  • Instruction Fuzzy Hash: 90F18EB5600B01CFCB25DF24E891A26B3F6FF48314B148A2DE49787691EB39F815CB55
                                                  Function 007A7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: 0f7acf4d3265e688e6f653c749c42fb982b239c4a94727dad6ab6b133e8f5b8a
                                                  • Instruction ID: 9e1480fe3baacd3549f61d0d9bb86afc735f18375221869d493e947e46885d3f
                                                  • Opcode Fuzzy Hash: 0f7acf4d3265e688e6f653c749c42fb982b239c4a94727dad6ab6b133e8f5b8a
                                                  • Instruction Fuzzy Hash: 0BC1B071908200ABD751AB14CC81A2BB7F5EF96754F088A1CF8C597291E739DD15CBA3
                                                  Function 007A8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: 33641c863c2b386f8dfa7f77e40aada9da763ef477613ced3d57ae45439e9d50
                                                  • Instruction ID: c255b1d8cc77a0022cdf829be2e14d31a06d200e00534f91e84e14cec2013ea4
                                                  • Opcode Fuzzy Hash: 33641c863c2b386f8dfa7f77e40aada9da763ef477613ced3d57ae45439e9d50
                                                  • Instruction Fuzzy Hash: 88D1CD70619302DFD704DF64D880B2AB7F6FF89310F59896EE98687291D738E850CB91
                                                  Function 00794487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BIy
                                                  • API String ID: 0-2218638696
                                                  • Opcode ID: c4f109e2458962418ff4e3a8338fc2b51636446642613349d994527fc367d37f
                                                  • Instruction ID: ccd0122e673305794c62d01d273773487a608a9fec3c3dbc743e09e6f38578de
                                                  • Opcode Fuzzy Hash: c4f109e2458962418ff4e3a8338fc2b51636446642613349d994527fc367d37f
                                                  • Instruction Fuzzy Hash: 7AE100B5601B00CFD721CF28E996B97B7E1FF06708F04886CE4AA87752E739B8148B54
                                                  Function 007C7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: P
                                                  • API String ID: 0-3110715001
                                                  • Opcode ID: b83ffa531d133aa311f0eca43182aa11d382c1cb0725b45c0721dcba80190e63
                                                  • Instruction ID: 2d9dbdb25b2d49310f69140955836b2dd4e26a942d574566b1160282907a2b77
                                                  • Opcode Fuzzy Hash: b83ffa531d133aa311f0eca43182aa11d382c1cb0725b45c0721dcba80190e63
                                                  • Instruction Fuzzy Hash: 19D1F6729082658FC725CE18D890B1EB7E1EB85718F15863CE8B5AB380DB79DD46C7C2
                                                  Function 007C6CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "p|
                                                  • API String ID: 0-2986610557
                                                  • Opcode ID: a4b6a35cd541e080dd059dcd02d0e796b511b96d35194e0c535875f24b459eb6
                                                  • Instruction ID: 37eeff70cf0efa47b245eee7c4ae9da025d3ff867f0fb7a219171d8efab0db83
                                                  • Opcode Fuzzy Hash: a4b6a35cd541e080dd059dcd02d0e796b511b96d35194e0c535875f24b459eb6
                                                  • Instruction Fuzzy Hash: 29D1D236619355CFC724CF38D8C052AB7F2AB89314F098A6ED495C7391D338DA44CBA5
                                                  Function 007ACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: %*+(
                                                  • API String ID: 2994545307-3233224373
                                                  • Opcode ID: 3637140d8da8cf08537cf55ac86a08919c3e7317483f17cef7734f5c19e57dd7
                                                  • Instruction ID: 972c1adde526f1c503c78d335079726b90565341eaa6fba0bb4658cc96021adc
                                                  • Opcode Fuzzy Hash: 3637140d8da8cf08537cf55ac86a08919c3e7317483f17cef7734f5c19e57dd7
                                                  • Instruction Fuzzy Hash: EEB1ED71609301AFD715DF14D880B2BBBE2EFC6350F144A2CE5C58B252E339E855CBA2
                                                  Function 0078A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,
                                                  • API String ID: 0-3772416878
                                                  • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                  • Instruction ID: ee0188a25a055c0dc58baf9f4fd5a568ed196dc12885134674802e3e77cd2944
                                                  • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                  • Instruction Fuzzy Hash: 12B1287120C3819FD325DF18C88061BBBE1AFA9704F448A2DF5D997342D675EA18CB67
                                                  Function 007BFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: cc13aca87c96ce51779a31966381c7cf96da8cd5b95ee55ccca6d721f6415a56
                                                  • Instruction ID: f5ac18ee95d2fa2d97e84326aa869c1aafe6431e971476f0d35822c0398c78e2
                                                  • Opcode Fuzzy Hash: cc13aca87c96ce51779a31966381c7cf96da8cd5b95ee55ccca6d721f6415a56
                                                  • Instruction Fuzzy Hash: 6E81A9B0209200EFD710DF68DC84B6AB7F5FB99B01F14882DF58497292E739E915CB62
                                                  Function 0079D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: 869bc11f9c6a469e0a8a39a3811f3eb633fccbddb0e40c899d49ac0f72622b80
                                                  • Instruction ID: a46420991f13d04aa0375bfdc11c394ca1a7fe18fe288341c773488077d15661
                                                  • Opcode Fuzzy Hash: 869bc11f9c6a469e0a8a39a3811f3eb633fccbddb0e40c899d49ac0f72622b80
                                                  • Instruction Fuzzy Hash: F961E371909205DBDB20EF58EC82A2AB3B0FF95354F09452DF9858B351E339ED10C796
                                                  Function 007C4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: 08d75f952bd0ef1954e07f4f0de4997d2c7308cf9c2453f343f19f39b02a1887
                                                  • Instruction ID: 1b09abb97f82b3d13be657db52b7689a28c28924493042e97a572342ee356bc7
                                                  • Opcode Fuzzy Hash: 08d75f952bd0ef1954e07f4f0de4997d2c7308cf9c2453f343f19f39b02a1887
                                                  • Instruction Fuzzy Hash: 9C61D3B16093419FD720DF15C8A0F2AB7E6EBC4324F28891DE9C5872A1D779EC50CB65
                                                  Function 0078E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0078E333
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                  • API String ID: 0-2471034898
                                                  • Opcode ID: 2d10e2338fc2cd1078fc8d1002c5a791ed240dfbb2a1d284ba4e8895e7042a74
                                                  • Instruction ID: 16c7d42bea71c3bffa67897eb059848b3dea52b58b25513318fa040c77438a41
                                                  • Opcode Fuzzy Hash: 2d10e2338fc2cd1078fc8d1002c5a791ed240dfbb2a1d284ba4e8895e7042a74
                                                  • Instruction Fuzzy Hash: 16513723B99AA04BD329A93C5C552AA7BC71BE2334B3DC369E9F5CB3E1D61D4C004390
                                                  Function 007C3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: acdc1bc684621f5729dd0b461433dadae71509578aecae61d270ff8cdddc92b6
                                                  • Instruction ID: 7c21bace737b1f1a809df1eadffeb171215893591713241846a6af2ffd6c590a
                                                  • Opcode Fuzzy Hash: acdc1bc684621f5729dd0b461433dadae71509578aecae61d270ff8cdddc92b6
                                                  • Instruction Fuzzy Hash: F4518D70609240DBCB24DF15D884F2EBBE5EB89759F14C81DE4C687251D77AEE20CB62
                                                  Function 0082ED66 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ~~
                                                  • API String ID: 0-1806285956
                                                  • Opcode ID: 39522df46b5572b63f41a1362c24bbc8aaa0caacbd8b35a275cf347ae8961615
                                                  • Instruction ID: 43b1aede0ca16ba28a952afb2028f7187166d32f95e92a38cb08c21e24dc5df9
                                                  • Opcode Fuzzy Hash: 39522df46b5572b63f41a1362c24bbc8aaa0caacbd8b35a275cf347ae8961615
                                                  • Instruction Fuzzy Hash: 8F4101B3E042245BF3585979CC887B6BA86EBD1321F1B82388F4997BC8DC3C1D094285
                                                  Function 00791BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: L3
                                                  • API String ID: 0-2730849248
                                                  • Opcode ID: 7991c4a372fd8ecb66fd2e4cbf4805e4ab905320c0c38a02f8cbd24ecff94ecc
                                                  • Instruction ID: a1dee31b7c7a6365b7068bb2244f952d5bd7385b660dedc740c6018c8d470d79
                                                  • Opcode Fuzzy Hash: 7991c4a372fd8ecb66fd2e4cbf4805e4ab905320c0c38a02f8cbd24ecff94ecc
                                                  • Instruction Fuzzy Hash: 8E4166B41083819BCB149F18E854A2FBBF0FF86354F448A1DF5C59B291D73AC915CB6A
                                                  Function 007BFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: e049165d002f385d763d7d837b0437a085fcb0cacbc94e3298a9b2d8b6bd08ef
                                                  • Instruction ID: 7e154458a21c6c886b38208c66b25157304133eb661e1fe2dd1769e36525f6ca
                                                  • Opcode Fuzzy Hash: e049165d002f385d763d7d837b0437a085fcb0cacbc94e3298a9b2d8b6bd08ef
                                                  • Instruction Fuzzy Hash: 7331E1B1A08305EBD610EA24DC85F2BB7E8EB85758F55482DF88497252E339DC54C7E3
                                                  Function 007AE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 72?1
                                                  • API String ID: 0-1649870076
                                                  • Opcode ID: c13236360be56b9dffd01eaac85c2425c178cea09a12214b6a34a87ff11a9724
                                                  • Instruction ID: 5e5f57218f0e16d6bd458c09d7aaeddf2860d16cdecd47dfc72f4212323ebdca
                                                  • Opcode Fuzzy Hash: c13236360be56b9dffd01eaac85c2425c178cea09a12214b6a34a87ff11a9724
                                                  • Instruction Fuzzy Hash: 7F3137B1A01244DFCB20DF95E8D05AFBBB4FB4A304F98496DE446A7301D339AD00CBA2
                                                  Function 00796F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %*+(
                                                  • API String ID: 0-3233224373
                                                  • Opcode ID: aaad03822941baab9bf69e952fe73ceeb1a93997c089ecd91133e9cddc78d942
                                                  • Instruction ID: 6b6bdce5b4322b1c80a4b5f681c5f45f4b0e8e3a1d0f50c58c2b74339876244a
                                                  • Opcode Fuzzy Hash: aaad03822941baab9bf69e952fe73ceeb1a93997c089ecd91133e9cddc78d942
                                                  • Instruction Fuzzy Hash: F7415B75215B04DBDB388F65E994F26B7F2FB09701F24891DE5869B6A1E339F800CB24
                                                  Function 007AE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 72?1
                                                  • API String ID: 0-1649870076
                                                  • Opcode ID: d07673825314440b5d7bc276cd02f213468d514dea7219e7b8a5a3c2125e0dc8
                                                  • Instruction ID: dc8a5b02599e57095f9752984511de49f463a13a86a068366fd03a3f8ef04671
                                                  • Opcode Fuzzy Hash: d07673825314440b5d7bc276cd02f213468d514dea7219e7b8a5a3c2125e0dc8
                                                  • Instruction Fuzzy Hash: C121E571901244DFC721DF95D89056FBBB5BB4A740F54495DE446A7341C339AD00CBA6
                                                  Function 007C9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: @
                                                  • API String ID: 2994545307-2766056989
                                                  • Opcode ID: 441aaac6bc41913d895b83b0d5690a73f0b969ad5499ee1d9235ef1ca79deaf8
                                                  • Instruction ID: 6dde490673c7fb7628b6bb32d57b2e5c656d00617593d21259e15e945a472cda
                                                  • Opcode Fuzzy Hash: 441aaac6bc41913d895b83b0d5690a73f0b969ad5499ee1d9235ef1ca79deaf8
                                                  • Instruction Fuzzy Hash: 6F3178706093409BD354DF14D884B2AFBF9EF9A314F24992CE6C6A7251D339D904CBA6
                                                  Function 00794E2A Relevance: 1.0, Instructions: 957COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f421d13f046a1e3432e2437709c5122f892fc23e177010cbcb0a6c57db2e0c82
                                                  • Instruction ID: 3e74da06b5802afd058d9b471840260df1cc1ba9e2d51e14c89338808f1e7cd5
                                                  • Opcode Fuzzy Hash: f421d13f046a1e3432e2437709c5122f892fc23e177010cbcb0a6c57db2e0c82
                                                  • Instruction Fuzzy Hash: 4B626BB0600B408FDB26DF24E994B27B7F6AF49704F54896CD49B87A52E738F814CB91
                                                  Function 0078BEB0 Relevance: .9, Instructions: 895COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                  • Instruction ID: 4595741508e51813eb0e6a5000762f2573fc6f87c8d09aa601ba5ab24a891d5f
                                                  • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                  • Instruction Fuzzy Hash: EA522C31A487118BC726EF18D8442BAF3E1FFD5315F294A3DD9C693281E738A851CB96
                                                  Function 007C8652 Relevance: .7, Instructions: 710COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1e2a3133984f8b24583ded2b1b8d449a33e8b1d680f4711c179d00f2cfff20a1
                                                  • Instruction ID: 962460e3a4a2b729c05df36e0ffb4af6cc5489a63428c887c8641b1c46db86f2
                                                  • Opcode Fuzzy Hash: 1e2a3133984f8b24583ded2b1b8d449a33e8b1d680f4711c179d00f2cfff20a1
                                                  • Instruction Fuzzy Hash: AE22BB35609345DFC704DF68E890A2ABBF1FB8A315F09886EE5C987351D73AE850CB46
                                                  Function 007C86F0 Relevance: .7, Instructions: 681COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2846e447ca22d2cb73f0fe12660af1ba9c14e0a2e329e964195ba07ff922a75c
                                                  • Instruction ID: 8222bc25cfa40bef9ec37639715ccad9ea2d76afa5da99ef063e1df49a5d29f0
                                                  • Opcode Fuzzy Hash: 2846e447ca22d2cb73f0fe12660af1ba9c14e0a2e329e964195ba07ff922a75c
                                                  • Instruction Fuzzy Hash: A822A935609345DFC704DF68E890A1ABBF1FB8A305F09896EE5C987351D73AE850CB46
                                                  Function 0078B3A0 Relevance: .7, Instructions: 670COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17c874a0e1dbef7ea0270daf23a896b1fc64e42b66cc8cd07866515371fb2919
                                                  • Instruction ID: f4c0ffe528b8b59a85d627a9b75cc8ad7e20d26f917dabfbf34fafb0e69acb02
                                                  • Opcode Fuzzy Hash: 17c874a0e1dbef7ea0270daf23a896b1fc64e42b66cc8cd07866515371fb2919
                                                  • Instruction Fuzzy Hash: C052D470A48B888FE735EB34C4847A7BBE2AF91314F144C2EC5E606B82D77DA885C751
                                                  Function 007871F0 Relevance: .7, Instructions: 657COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12394a16509b66212d4ef735569949a0336866ef44cfec0dc8114ced0abba1e3
                                                  • Instruction ID: e1f3d91e13d02122553c09834a2c61ab82d9f2710e86497c9743cc12966e29f0
                                                  • Opcode Fuzzy Hash: 12394a16509b66212d4ef735569949a0336866ef44cfec0dc8114ced0abba1e3
                                                  • Instruction Fuzzy Hash: 9A52D47150C3458FCB19DF28C0806AABBE1FF89314F298A6DF89A57352D778D949CB81
                                                  Function 00955CDA Relevance: .7, Instructions: 653COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bca6bc6e009f732a2a92551e75bf8fddfcc0b0d187f65a73851dc8b7229bb20e
                                                  • Instruction ID: a4a57ef5c1b631efd76d5e0b98f166878e99e3fded7801e3edc51862ab2484a8
                                                  • Opcode Fuzzy Hash: bca6bc6e009f732a2a92551e75bf8fddfcc0b0d187f65a73851dc8b7229bb20e
                                                  • Instruction Fuzzy Hash: 6422E5F250C300AFD3046F29EC8567AFBE5EF94760F1A892DE6C483744EA3598158797
                                                  Function 00788FD0 Relevance: .6, Instructions: 620COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 026fd60004a3fb5dd5a4f4ad4e06ad34bbcacc995b9030ec63686e4df0db1c10
                                                  • Instruction ID: 1bb493b75b9f052edc657a1d171ab2b093fadfb244119ec6c0c12a519256839a
                                                  • Opcode Fuzzy Hash: 026fd60004a3fb5dd5a4f4ad4e06ad34bbcacc995b9030ec63686e4df0db1c10
                                                  • Instruction Fuzzy Hash: 4A426775608381DFD708CF28D850BAABBE1BF88315F09886DE5858B3A1D739D995CF42
                                                  Function 00787BF0 Relevance: .6, Instructions: 592COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a6e6a406085e120489bacc944ea4262b483dad901a08da34956dce94424f4d9
                                                  • Instruction ID: ff8a88efc6453c3c09006d7ccd029373f6c21d85d519e849c24b0fe231c00c4f
                                                  • Opcode Fuzzy Hash: 0a6e6a406085e120489bacc944ea4262b483dad901a08da34956dce94424f4d9
                                                  • Instruction Fuzzy Hash: C0322270654B118FC368DF29C59052ABBF2BF45710BA04A2ED6A787F91DB3AF845CB10
                                                  Function 007C89A0 Relevance: .5, Instructions: 545COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9520bc1339d63f1f58328b8aa357f06dd4fc4a9b46fe9c72304965b63d77bd7
                                                  • Instruction ID: e56d8919f7832d0c800c8c0a9145fe90a503b0264e9748a0cde9fe6a30509cb5
                                                  • Opcode Fuzzy Hash: f9520bc1339d63f1f58328b8aa357f06dd4fc4a9b46fe9c72304965b63d77bd7
                                                  • Instruction Fuzzy Hash: E6029935609241DFC704DF68E880A1AFBF1FF8A315F09896EE5C587261D73AE850CB96
                                                  Function 007C8A80 Relevance: .5, Instructions: 524COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c58186581d71332f3d7dc0384c97f5e97e8067403dc455d78682864ba502c221
                                                  • Instruction ID: f19765b0f5a5d98b8f20a297b5ec36c99dde9a21ce1f317a19d5fb7b3658a01a
                                                  • Opcode Fuzzy Hash: c58186581d71332f3d7dc0384c97f5e97e8067403dc455d78682864ba502c221
                                                  • Instruction Fuzzy Hash: 73F19931609341DFC704DF28D884A1EFBF1BB8A305F09892DE5C587251D73AE910CB96
                                                  Function 007C8C02 Relevance: .5, Instructions: 487COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3487e005b7504d6a072b812a1611e7322baee1f3e92c07109dd879077ec017fd
                                                  • Instruction ID: 97f573cdbfda4710b76b07ba74b4b6d1ee4a7920f1af16ee1bc51e2735e7b7fe
                                                  • Opcode Fuzzy Hash: 3487e005b7504d6a072b812a1611e7322baee1f3e92c07109dd879077ec017fd
                                                  • Instruction Fuzzy Hash: ACE1BC31609241DFC704DF28E880A2AFBF1FB8A315F09896DE5D997351D73AE910CB96
                                                  Function 0078A300 Relevance: .5, Instructions: 459COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                  • Instruction ID: c916773e2ffa8d5df8b935a68e26b72689e121da3bc25c3494750b2e7b06cf5c
                                                  • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                  • Instruction Fuzzy Hash: 64F1CD766483419FD725DF29C88166BFBE2AFD8300F08882DE4C587752E639E945CB62
                                                  Function 007C8E70 Relevance: .4, Instructions: 420COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5732aad70256929c65cb7b58e2ef8a820839c04e47887c784f0e69e4d3c71b90
                                                  • Instruction ID: eae287a78b4fe9e55ff76e155c07d20385362a24c7a2a08bd04b26f1d5ebe429
                                                  • Opcode Fuzzy Hash: 5732aad70256929c65cb7b58e2ef8a820839c04e47887c784f0e69e4d3c71b90
                                                  • Instruction Fuzzy Hash: 1FD19B3460D281DFD744EF28D884A2AFBF5FB8A305F09896DE5C587251D73AE810CB96
                                                  Function 007C7AB0 Relevance: .4, Instructions: 354COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3512a42a49ac126224dd0991ea711d5cfde2fcc6e112266aa4994dd1e86ada5
                                                  • Instruction ID: ee8b9fcd40d790dda87042ced2ddf388041fe0e7ce3e14b8009ad930238562fa
                                                  • Opcode Fuzzy Hash: a3512a42a49ac126224dd0991ea711d5cfde2fcc6e112266aa4994dd1e86ada5
                                                  • Instruction Fuzzy Hash: D9B10972A0C3508BD328DE28DC45B6BB7E9ABC4314F08496DE995D7351EB39DC04CB92
                                                  Function 0078AF10 Relevance: .3, Instructions: 303COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                  • Instruction ID: 0e4020ad811b22f89b370f4f4d48c0e5b669e6eb616c3eeead1b6e61030eb8a8
                                                  • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                  • Instruction Fuzzy Hash: 07C18AB2A487418FC360DF28DC96BABB7E1FF85318F08492DD1D9C6242E778A155CB06
                                                  Function 00796536 Relevance: .3, Instructions: 295COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b73410a2529fd4d388f2908c278c97dd3c4e31b49f329e0fb68ecddc3bac99ab
                                                  • Instruction ID: 712251e43e39a28ae70cdd9e1c2cf17fde671b3cdfaf81e9010e43f8aca0ed14
                                                  • Opcode Fuzzy Hash: b73410a2529fd4d388f2908c278c97dd3c4e31b49f329e0fb68ecddc3bac99ab
                                                  • Instruction Fuzzy Hash: B4B11FB4600B408FC721CF24D985B27BBF2AF46704F14895CE8AA8BB52E379F805CB54
                                                  Function 007C7710 Relevance: .3, Instructions: 287COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: c1499d626797f5dce78c484dd3c5585ab58351ec634233bf7d8a1847dcba8005
                                                  • Instruction ID: 069484fc9fc94bba0c9843dacccc2999368e4fb1eeefc08d7d64997b1fcfd69a
                                                  • Opcode Fuzzy Hash: c1499d626797f5dce78c484dd3c5585ab58351ec634233bf7d8a1847dcba8005
                                                  • Instruction Fuzzy Hash: A5919D71608301ABE728DB14D885F6FBBE5EB85360F54881CF98497352EB38E950CB92
                                                  Function 007CA0D0 Relevance: .3, Instructions: 282COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 644f997fd5bde3cb4bfdcce2aaef39c077a9de59fa1beefa0c3e2e6ec3fe81cd
                                                  • Instruction ID: a958e6baa97f54f4204307989a46c20bf030e4db6e2ff6bd325f5ab0f8de3bef
                                                  • Opcode Fuzzy Hash: 644f997fd5bde3cb4bfdcce2aaef39c077a9de59fa1beefa0c3e2e6ec3fe81cd
                                                  • Instruction Fuzzy Hash: 1E819E34209749ABD724DF28C890F2AB7F5FF85759F15892CE48587252E739EC10CB92
                                                  Function 007B64F0 Relevance: .2, Instructions: 246COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a65b721fcd851099348c9c7a479c0e1d8c52fc424810e5b76dff3618df0ccd9
                                                  • Instruction ID: 16f2756546659b1e61ffdd371799c54fdb198ec27325e880aea763d535c80531
                                                  • Opcode Fuzzy Hash: 3a65b721fcd851099348c9c7a479c0e1d8c52fc424810e5b76dff3618df0ccd9
                                                  • Instruction Fuzzy Hash: 9F71C633B29A904BC324997C5C453E5AA935BD6338B3DC379EAB4CB3E5D52D8C164350
                                                  Function 008BB5D2 Relevance: .2, Instructions: 246COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8365e7f835ae89dcbc29e41ff1cd9c2a90b49ef044153527fa1f78bcd8b43bd0
                                                  • Instruction ID: e80796da7fad845798572ca5f485560e5443b1166f4fba9b53faaf1fe705836a
                                                  • Opcode Fuzzy Hash: 8365e7f835ae89dcbc29e41ff1cd9c2a90b49ef044153527fa1f78bcd8b43bd0
                                                  • Instruction Fuzzy Hash: 7F718AF3D042285BE314692CEC057AAB7D5DB94720F2F823DDE8893794F9799C0582C1
                                                  Function 007A28E9 Relevance: .2, Instructions: 244COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 70c37e1b8f6449e21fcef9d005fdbbfeabfd848551585959202ebf3d5c7416d7
                                                  • Instruction ID: ac4868d07361673346113fb7bb35330bb2c412394f58885496089eea8d311912
                                                  • Opcode Fuzzy Hash: 70c37e1b8f6449e21fcef9d005fdbbfeabfd848551585959202ebf3d5c7416d7
                                                  • Instruction Fuzzy Hash: 7E617974408340DBD311AF19D841A2ABBF0FF92750F188A1DF5C58B262E339D911CBA7
                                                  Function 007A7C00 Relevance: .2, Instructions: 243COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9cffa3b4fe46a9f42e390658f257b1face7864dd418503ffa4165095dd3e873c
                                                  • Instruction ID: 2f4fbb0d8d3e6d226d7619bbb8c6c4c18c23f957e50d34274cf1caae1137bb34
                                                  • Opcode Fuzzy Hash: 9cffa3b4fe46a9f42e390658f257b1face7864dd418503ffa4165095dd3e873c
                                                  • Instruction Fuzzy Hash: 7851A1B1708204ABDB289B64CC96B7733B8EF86764F148658F9858B291F379DC05C762
                                                  Function 007B1860 Relevance: .2, Instructions: 217COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                  • Instruction ID: 25a95ec40ddc1b23cb2b39eea886d75d0406596eb6b21cde98adae1feee00b56
                                                  • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                  • Instruction Fuzzy Hash: 8361C031609381ABD714CF28C5A07AFBBE2ABC5350FE4C92EF4898B351D278ED859741
                                                  Function 007B82D0 Relevance: .2, Instructions: 215COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecf2044e41631123f2b8c97d06d744264835abc477e841743dea0695fb1f00cb
                                                  • Instruction ID: dbe5d743f44011f2da2f912b98043128ee73b5d9fc266a44b41490db5a71d6f7
                                                  • Opcode Fuzzy Hash: ecf2044e41631123f2b8c97d06d744264835abc477e841743dea0695fb1f00cb
                                                  • Instruction Fuzzy Hash: C8613723A5AA914BC365493C5C553EA6ACB5BD2330F3EC36AD8B58B3E5CD6D4C02C342
                                                  Function 008C1B9D Relevance: .2, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7f30e71b8461eeaf8cfc40ace763f22033dc36b95ee48e4686cdd56cbd43ea71
                                                  • Instruction ID: acbedda31afe0e127a485f1b835e883e8d1f9f8931f9f91cf0df2d0a4fd6fb24
                                                  • Opcode Fuzzy Hash: 7f30e71b8461eeaf8cfc40ace763f22033dc36b95ee48e4686cdd56cbd43ea71
                                                  • Instruction Fuzzy Hash: FB6104B39083009FE3016E3DDD497ABBBE6EFD4720F1AC93DE6C483A54DA3589058656
                                                  Function 007942FC Relevance: .2, Instructions: 206COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6be62d5d369b03b39d9b29f826fcff442b5c0de6524a851570df5f1d35c8e638
                                                  • Instruction ID: 76be3a2357368ebb3697307fa6a03bc4a70b0513bcdf3629379ea4cf40f69e1a
                                                  • Opcode Fuzzy Hash: 6be62d5d369b03b39d9b29f826fcff442b5c0de6524a851570df5f1d35c8e638
                                                  • Instruction Fuzzy Hash: BC81EFB4810B00AFD360EF39D94BB57BEF4AB06201F404A1DE4EA96695E7346419CBE2
                                                  Function 008A55BA Relevance: .2, Instructions: 190COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca0f6f548ee80801b517b887963547f7e4a4410efe5d9f08d0d4fa43efaaba46
                                                  • Instruction ID: 4635b2ae1f6d004c376d642b712beca074556763c27c722e3e8eaf0caadb5bf0
                                                  • Opcode Fuzzy Hash: ca0f6f548ee80801b517b887963547f7e4a4410efe5d9f08d0d4fa43efaaba46
                                                  • Instruction Fuzzy Hash: FF5138F3A187148BE304AE79DC4576ABBD6EBD4320F2A863DD5C4C7784EA3598418781
                                                  Function 007BE8A0 Relevance: .2, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                  • Instruction ID: 5a241b0a5a317287d5861eec1d0c0784fa8c3b706bbe5068af832ac2bcf038e6
                                                  • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                  • Instruction Fuzzy Hash: 9F515DB16087548FE314DF69D4947ABBBE1BBC5318F044E2DE4E987351E379DA088B82
                                                  Function 00939F43 Relevance: .2, Instructions: 177COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c7292603dda794dd191a48fe31bc9d544a16e57c07972a89d867a22fa9f36e66
                                                  • Instruction ID: 095fee7163e34f871ca6bddc3b6aec21b1c6405f59188957bf2e385ee0508841
                                                  • Opcode Fuzzy Hash: c7292603dda794dd191a48fe31bc9d544a16e57c07972a89d867a22fa9f36e66
                                                  • Instruction Fuzzy Hash: FE512BF3E082045BE3186D38DC95735B3D9EB64760F2B063CDF9597380E9395D148296
                                                  Function 007C7520 Relevance: .2, Instructions: 176COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f01d480696b08e9f07b1601e7da7c8ccfffde3d322a3722b4e34fbbfa5f701fe
                                                  • Instruction ID: d25de7b8f37d47ab58405060ef963e932835e03deddf100550c042a821a3f6e4
                                                  • Opcode Fuzzy Hash: f01d480696b08e9f07b1601e7da7c8ccfffde3d322a3722b4e34fbbfa5f701fe
                                                  • Instruction Fuzzy Hash: D3510B3160D2009BC7199E18DC90F2EB7E6FB85765F288A2CE9D557391DB39EC10CBA1
                                                  Function 00785A50 Relevance: .2, Instructions: 163COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8cb584c98904c69a4dc70782d5dbec75fc7b3986f192f696335d04eceb20ddde
                                                  • Instruction ID: 379873a886435b4b36468f90ac88eed2474856e06dd0bcc4d7b21a625b1a980f
                                                  • Opcode Fuzzy Hash: 8cb584c98904c69a4dc70782d5dbec75fc7b3986f192f696335d04eceb20ddde
                                                  • Instruction Fuzzy Hash: BB5105B5A447059FC714EF14D880926BBE1FF85324F19866CF8999B352D738EC42CBA2
                                                  Function 007AEC48 Relevance: .1, Instructions: 146COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a6eda30906480ac857595f4224a2f842dcd7072d50e07e3e030ea88b042f6a63
                                                  • Instruction ID: cd7f5c9b021201266e041995b9f8fb22fe8813a21e9cb3a9d533be09eb66d03e
                                                  • Opcode Fuzzy Hash: a6eda30906480ac857595f4224a2f842dcd7072d50e07e3e030ea88b042f6a63
                                                  • Instruction Fuzzy Hash: 2941AF74A00315DBDF208F94DCA1BADB7B0FF4A310F544648E945AB3A1EB38A951CBA5
                                                  Function 00829B1A Relevance: .1, Instructions: 145COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9450a6dee550cbd7ec2103dbb254edfa7920b8c777043a95564f13f37d19e0f1
                                                  • Instruction ID: fdc014b8b082f5de100a382c8cb2c3e51110db2b1690a28d5c0fba42c06fdfe5
                                                  • Opcode Fuzzy Hash: 9450a6dee550cbd7ec2103dbb254edfa7920b8c777043a95564f13f37d19e0f1
                                                  • Instruction Fuzzy Hash: 3C41E3F3A0C6009FE304AE69ECC173AB7D6EF94710F1A893DDAC587740EA7858058782
                                                  Function 007C9B60 Relevance: .1, Instructions: 140COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed1abdd9c0b8108a7d8ad804e66e178fc70974ac4b92c397615270876524b51f
                                                  • Instruction ID: 7f4fa3a029810754c535f5776a70ddce1c0c6715abd81e8d9596f371234d2b6b
                                                  • Opcode Fuzzy Hash: ed1abdd9c0b8108a7d8ad804e66e178fc70974ac4b92c397615270876524b51f
                                                  • Instruction Fuzzy Hash: 56418F74209300EBD760DF25D994F2AB7F6EB85714F64882CF68997251D339EC00CBA6
                                                  Function 00792030 Relevance: .1, Instructions: 136COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec748d2ff20236a246b2225f31f99fc0d36868f10f6f39911e21bcc0b0aed9cd
                                                  • Instruction ID: ef59265dfaa383311445afd47a549c543f443b9df7a06c76e765ad1def0b5c30
                                                  • Opcode Fuzzy Hash: ec748d2ff20236a246b2225f31f99fc0d36868f10f6f39911e21bcc0b0aed9cd
                                                  • Instruction Fuzzy Hash: F9412732A083255FD75DDE2A949463ABBE2AFC5300F09C22EE4DA873D1DA788945D781
                                                  Function 00791E93 Relevance: .1, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2415d634626f26d1b94f10c31ebde0b2c5206fb985deb0b25a54e841cef004f0
                                                  • Instruction ID: 0e3fa653b8e11f9e9bfec868ef81ea13ccc829c04d2277b6a6d898cc052bba15
                                                  • Opcode Fuzzy Hash: 2415d634626f26d1b94f10c31ebde0b2c5206fb985deb0b25a54e841cef004f0
                                                  • Instruction Fuzzy Hash: DC410274509380ABC720AB58D888B1EFBF6FB86345F144D1DF6C497292C37AD8148F66
                                                  Function 007C8D8A Relevance: .1, Instructions: 124COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f29093395158fc10803190877f361fe755679f9382d8e64aa2777b51b121b66
                                                  • Instruction ID: 2dc8e57441118bad076254e9155520a73af8062cb56eb956e915958c82917488
                                                  • Opcode Fuzzy Hash: 1f29093395158fc10803190877f361fe755679f9382d8e64aa2777b51b121b66
                                                  • Instruction Fuzzy Hash: 0841D23160C2548FC354DF68C490A2EFBE6AF99300F098A6ED4D6D7392DB78DD018B96
                                                  Function 0079D961 Relevance: .1, Instructions: 121COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd4793203013fb89a8a616496211da040fa5a31f28e0d4516d550f6e8b29aaba
                                                  • Instruction ID: 52d6841ccc76aa0fe9c9f8f9150e31622903a1ae9c992ad6080d69827624951f
                                                  • Opcode Fuzzy Hash: cd4793203013fb89a8a616496211da040fa5a31f28e0d4516d550f6e8b29aaba
                                                  • Instruction Fuzzy Hash: 8341ABB1549381CBD7309F14D885BABB7B0FFA6364F048959E48A8B691E7784840CB97
                                                  Function 007BF030 Relevance: .1, Instructions: 104COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                  • Instruction ID: b0f7c76598cc681e3a449fcc9c9f6ee7ad84bdf7886f743aaf7932a91743be53
                                                  • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                  • Instruction Fuzzy Hash: 71210A3290811447C324EB5DC88167BF7E4EB99B04F16863ED9C4A7296E339DC1487E1
                                                  Function 007C67EF Relevance: .1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8262a3884fa122068ccdfd8491b2b1ccf4174f2c2197332de31e16a15833102f
                                                  • Instruction ID: bfbd03e448469664ed08af6335de8b75a041fa8f483eb87d8c649c060e15b8b9
                                                  • Opcode Fuzzy Hash: 8262a3884fa122068ccdfd8491b2b1ccf4174f2c2197332de31e16a15833102f
                                                  • Instruction Fuzzy Hash: 1231077051C3829AD714CF14C490A2FBBF0EF96788F54591DF4C8AB261D738D985CB9A
                                                  Function 0093F9CC Relevance: .1, Instructions: 101COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea8b69e3c45f72287c2566d2eff94cafbae88caa213a94d36e770bb68d4c4bed
                                                  • Instruction ID: dbe0bf553c5f605215b705cd0b39450b559006232cd4fbc7dc33759684039bdb
                                                  • Opcode Fuzzy Hash: ea8b69e3c45f72287c2566d2eff94cafbae88caa213a94d36e770bb68d4c4bed
                                                  • Instruction Fuzzy Hash: 5E318DB3F6106147F7584839DE5D3516A839B95310F1F82798E4CABBC9D8BE9C498280
                                                  Function 007A5E70 Relevance: .1, Instructions: 99COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94098c7173cbb72f6cf0c79635a0a5abe725d69d184585cf2efba8566062a18e
                                                  • Instruction ID: 5de014b038f791653bf44528c0272dfeb23f77551ac938cef88ed9d53c3ce40f
                                                  • Opcode Fuzzy Hash: 94098c7173cbb72f6cf0c79635a0a5abe725d69d184585cf2efba8566062a18e
                                                  • Instruction Fuzzy Hash: A521AEB0509201DFC310AF28C85592BB7F4EF92765F448A1CF4D99B292E338DA00CBA3
                                                  Function 007849A0 Relevance: .1, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                  • Instruction ID: e728f0f45cee433d5547bdae14d9b258e05b747b14d0b95fd7e0f53903aaca9f
                                                  • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                  • Instruction Fuzzy Hash: 3531EC31688202DBD714AF28D88452BB7E1EF84358F18C52DE89A9B241D379DC42CB47
                                                  Function 007C64B8 Relevance: .1, Instructions: 83COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 79f0490beee4e9e0a3a2234e227b04f5e6669f266e6a8f4c328ec8afd27c7bfa
                                                  • Instruction ID: 84fd1a366815594a5ea620265eba16f212aae8e2cb5bf2d05ae8598b5b73a4d0
                                                  • Opcode Fuzzy Hash: 79f0490beee4e9e0a3a2234e227b04f5e6669f266e6a8f4c328ec8afd27c7bfa
                                                  • Instruction Fuzzy Hash: CE21237460D2809BC708EF19D490E2EFBF6EB95755F28881CE4C493262C339E951CB66
                                                  Function 009F9FCB Relevance: .1, Instructions: 67COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5296520e98feb9f54b878267f6c0c800d2049c98799b9234e55c1180f4511f52
                                                  • Instruction ID: c86a11be0b021bca4d9159716c3f9a67e7d3b4c6aba3e8c80815f6ed34a52bcb
                                                  • Opcode Fuzzy Hash: 5296520e98feb9f54b878267f6c0c800d2049c98799b9234e55c1180f4511f52
                                                  • Instruction Fuzzy Hash: BA11FEB280C6089FE711BE64DC8566EF7E5FB18310F06492DDBD483610E736A9249A87
                                                  Function 007BB650 Relevance: .1, Instructions: 64COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                  • Instruction ID: 1c2b5bc98abb8674895a11294270791d92d21730c5be497886b409d6651e0564
                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                  • Instruction Fuzzy Hash: 1311E933A051D40EC3168D3C84406A5BFA31AA3238B5943D9F8F49B2D2D766CD8A8354
                                                  Function 007B0B80 Relevance: .1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                  • Instruction ID: 6d21ac46e0660df1d54b44ab382d56f92be1eff48ae1a6f4af54a6cc6059db64
                                                  • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                  • Instruction Fuzzy Hash: E50188F5A0030187EB21EE55A8D5B7BB2A86F40718F18452CE40657301DB7DEC05C7E1
                                                  Function 00A2639A Relevance: .0, Instructions: 47COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b9129ee6ee09f84ce39ee865c42cf8e626fbfe9f9baf5ae2d7304f712ca3aa63
                                                  • Instruction ID: 7520cb70390cb628d0576ace9d48c105a187f6013308477034bb77ab8fd94af8
                                                  • Opcode Fuzzy Hash: b9129ee6ee09f84ce39ee865c42cf8e626fbfe9f9baf5ae2d7304f712ca3aa63
                                                  • Instruction Fuzzy Hash: 9001C2B150C704DFE319BE69ECC6BAAFBE0FB68310F06482DD7D582650E77564108A5B
                                                  Function 007AD1E1 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 958f90ed1c1e0d457f723d501a3f4da0e6417b299d117b9c74542e27edf88153
                                                  • Instruction ID: 0747a607ecf0cb63e1761a9818419ef42ffc06a66c8a8d977d3d2e701ea02962
                                                  • Opcode Fuzzy Hash: 958f90ed1c1e0d457f723d501a3f4da0e6417b299d117b9c74542e27edf88153
                                                  • Instruction Fuzzy Hash: 5A11DBB0408380AFD3209F618498A2FFBF5EBA6714F148C0DE6A59B251C379E819CB56
                                                  Function 00786EA0 Relevance: .0, Instructions: 46COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c44653a590025baaa34ad90e3e99a7d536ecba800c69876861014b8db7774cc1
                                                  • Instruction ID: 484017f66ca7831d267759a02ff821174afc6f4abd72be59d273a98628f140d4
                                                  • Opcode Fuzzy Hash: c44653a590025baaa34ad90e3e99a7d536ecba800c69876861014b8db7774cc1
                                                  • Instruction Fuzzy Hash: 86F0243A75820A1BA220EDABE8C083BB396D7C9364F045538FA41C3201CE76E80692A5
                                                  Function 007BB8C0 Relevance: .0, Instructions: 44COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                  • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                  • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                  • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                  Function 0079C5F0 Relevance: .0, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                  • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                  • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                  • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                  Function 0079B410 Relevance: .0, Instructions: 38COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                  • Instruction ID: b96fc9185009c57ac6a94509748e8616403b56fc8d6af1eaf762013e537d3def
                                                  • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                  • Instruction Fuzzy Hash: B6F0ECB160455067DF228A94BCC0F37BB9CCB87354F190426EC4557103E2A55845C3E5
                                                  Function 007B8220 Relevance: .0, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f0b8e628c9bd4882281531864519849be18b54cae0e328f9bb3b8ebc04f22ead
                                                  • Instruction ID: eaf08292957b19f4d197619edbdfc89871431eb7ac085b86127941c52d0e60cd
                                                  • Opcode Fuzzy Hash: f0b8e628c9bd4882281531864519849be18b54cae0e328f9bb3b8ebc04f22ead
                                                  • Instruction Fuzzy Hash: ED01E4B0410B009FC360EF29C445B57BBE8EB08714F008A1DE8AECB680D774A5448B82
                                                  Function 007C1440 Relevance: .0, Instructions: 21COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                  • Instruction ID: 556dcd513c6f366a70f7bc1218b5abbd548dbc92e459ae0919ef8b0b282c1b2c
                                                  • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                  • Instruction Fuzzy Hash: BAD09731608361469F388F19A400E77F3F0EAC3B02F88802EF982E3148D230DC00C2A8
                                                  Function 00791ACD Relevance: .0, Instructions: 14COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13b1ea22df376172b199a9474e2ed4c9a806ed8ef891dd155a53c6728fd9d89b
                                                  • Instruction ID: 7b2e5d3788f72e39b629afe57c3703c32b5e47364122232805c9e487dd9f07d0
                                                  • Opcode Fuzzy Hash: 13b1ea22df376172b199a9474e2ed4c9a806ed8ef891dd155a53c6728fd9d89b
                                                  • Instruction Fuzzy Hash: 87C08C34A590818BC208DF00FC9A832B7B9A307308780F03FDA03F3321CA38C816890D
                                                  Function 007C6094 Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4059233ade7162ab04f2d93c874f1f4dad70e8ef9f85c1588d5c14aa5a53a789
                                                  • Instruction ID: d69620aaf159ef7e0926bcc625bf450b62ea4ab32bf58507968f76f4c225dce9
                                                  • Opcode Fuzzy Hash: 4059233ade7162ab04f2d93c874f1f4dad70e8ef9f85c1588d5c14aa5a53a789
                                                  • Instruction Fuzzy Hash: 2EC09278A6E00487B20CCF08E951975F3BA9B9BB1CB24F02FC80623296C13DE513991E
                                                  Function 00791A3C Relevance: .0, Instructions: 12COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f6f894e552dd2d049d8fa8ff9842c572c92d22ac799fb0aeec11d9a0920ef2b
                                                  • Instruction ID: 2b384ca6ad5bdfcc7af9807526a473b9a21bb66286f9a606557303e654e34e03
                                                  • Opcode Fuzzy Hash: 8f6f894e552dd2d049d8fa8ff9842c572c92d22ac799fb0aeec11d9a0920ef2b
                                                  • Instruction Fuzzy Hash: 01C04C24A990818A86489E86A892831A7A99306208750B03ED602E7261C564D515850D
                                                  Function 007C5FD6 Relevance: .0, Instructions: 11COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2085396337.0000000000781000.00000040.00000001.01000000.00000003.sdmp, Offset: 00780000, based on PE: true
                                                  • Associated: 00000000.00000002.2085380164.0000000000780000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.00000000007E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000969000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085433614.0000000000A88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085681256.0000000000A89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085792834.0000000000C23000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.2085807189.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_780000_file.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 18e67eb6b0a20b3c3eabdf6f4042fdaaec0ac361608669c974a0c974dc77c72d
                                                  • Instruction ID: 099ac2049302d3cc762c14ed5bfe5b361ba6686895e5ecb200c7b2de298ac989
                                                  • Opcode Fuzzy Hash: 18e67eb6b0a20b3c3eabdf6f4042fdaaec0ac361608669c974a0c974dc77c72d
                                                  • Instruction Fuzzy Hash: 47C09264B6A0008BB24CCF18DD51935F3BA9B8BA1CB14F02FC806A3256D138D512860D