Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1529190
MD5:59c457152e84c2e83bb22799dda88a9d
SHA1:bdff2120b60a7f4aa314fa2b4bb9d17b6e08ad40
SHA256:9ebca3ec6dfea0b0b7651f739ee00adc72de0984a943f855bb5cde41198cc4bf
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5084 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 59C457152E84C2E83BB22799DDA88A9D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["bathdoomgaz.storec", "clearancek.site", "mobbipenju.store", "licendfilteo.sitec", "studennotediw.storec", "dissapoiznw.storec", "eaglepawnoy.storec", "spirittunek.storec"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:15.600066+020020546531A Network Trojan was detected192.168.2.849708172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:15.600066+020020498361A Network Trojan was detected192.168.2.849708172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.695838+020020564771Domain Observed Used for C2 Detected192.168.2.8499521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.487207+020020564711Domain Observed Used for C2 Detected192.168.2.8539551.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.671354+020020564811Domain Observed Used for C2 Detected192.168.2.8609341.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.657848+020020564831Domain Observed Used for C2 Detected192.168.2.8628961.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.724973+020020564731Domain Observed Used for C2 Detected192.168.2.8521691.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.645146+020020564851Domain Observed Used for C2 Detected192.168.2.8565711.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.710424+020020564751Domain Observed Used for C2 Detected192.168.2.8497201.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T18:26:12.683577+020020564791Domain Observed Used for C2 Detected192.168.2.8602421.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.5084.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["bathdoomgaz.storec", "clearancek.site", "mobbipenju.store", "licendfilteo.sitec", "studennotediw.storec", "dissapoiznw.storec", "eaglepawnoy.storec", "spirittunek.storec"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49707 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.8:49708 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E3D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E3D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00E763B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E75700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00E799D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00E7695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_00E3FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00E40EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00E76094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00E74040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00E46F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_00E6F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00E31000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00E5D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00E442FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00E52260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00E52260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00E3A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00E764B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00E5C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00E71440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00E4D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00E5E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_00E4B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00E38590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00E77520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00E46536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00E59510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00E5E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00E6B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00E767EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00E5D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00E77710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00E528E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00E349A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00E4D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00E73920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00E41ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00E74A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00E35A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00E41A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00E43BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00E41BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00E60B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00E79B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_00E4DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_00E4DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E79CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00E79CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_00E5CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E5CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_00E5CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00E5AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_00E5AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_00E5EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_00E6FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00E57C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E78D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00E5DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_00E5FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00E36EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_00E3BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00E46EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00E41E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00E57E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E55E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_00E5AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00E44E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00E77FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E77FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00E75FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00E38FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_00E4FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00E46F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00E59F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00E6FF70

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.8:60242 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.8:53955 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.8:49952 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.8:49720 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.8:52169 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.8:56571 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.8:62896 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.8:60934 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49708 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49708 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: bathdoomgaz.storec
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: licendfilteo.sitec
    Source: Malware configuration extractorURLs: studennotediw.storec
    Source: Malware configuration extractorURLs: dissapoiznw.storec
    Source: Malware configuration extractorURLs: eaglepawnoy.storec
    Source: Malware configuration extractorURLs: spirittunek.storec
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=67d3c020a5ac9a2c1f192620; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 08 Oct 2024 16:26:14 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control\E equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=eng
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1497664141.000000000093E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.000000000093E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site/api
    Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.1486468820.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497588665.0000000000986000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.0000000000973000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1511007662.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.0000000000972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.1497436211.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1511007662.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486574827.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1497664141.0000000000953000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.0000000000953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486553065.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1486574827.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49707 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.8:49708 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E402280_2_00E40228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E7A0D00_2_00E7A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E0_2_0100C17E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E740400_2_00E74040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E420300_2_00E42030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E310000_2_00E31000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E371F00_2_00E371F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFD1D40_2_00FFD1D4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3E1A00_2_00E3E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E351600_2_00E35160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E312F70_2_00E312F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E682D00_2_00E682D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E612D00_2_00E612D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010023C50_2_010023C5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF82340_2_00FF8234
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E623E00_2_00E623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E313A30_2_00E313A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3B3A00_2_00E3B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010072D20_2_010072D2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3A3000_2_00E3A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E664F00_2_00E664F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E444870_2_00E44487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E4049B0_2_00E4049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5C4700_2_00E5C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E4C5F00_2_00E4C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E335B00_2_00E335B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E385900_2_00E38590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E786F00_2_00E786F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3164F0_2_00E3164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E786520_2_00E78652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E6F6200_2_00E6F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F907F30_2_00F907F3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F378F20_2_00F378F2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E6B8C00_2_00E6B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E6E8A00_2_00E6E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E618600_2_00E61860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3A8500_2_00E3A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FEF9CC0_2_00FEF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E789A00_2_00E789A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5098B0_2_00E5098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100A8740_2_0100A874
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010098760_2_01009876
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010008BB0_2_010008BB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010058CD0_2_010058CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E77AB00_2_00E77AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E78A800_2_00E78A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E74A400_2_00E74A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E37BF00_2_00E37BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E4DB6F0_2_00E4DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0BB0F0_2_00F0BB0F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF9CFB0_2_00FF9CFB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5CCD00_2_00E5CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E76CBF0_2_00E76CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF4C1B0_2_00FF4C1B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E78C020_2_00E78C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFED990_2_00FFED99
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E58D620_2_00E58D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5DD290_2_00E5DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5FD100_2_00E5FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3BEB00_2_00E3BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E46EBF0_2_00E46EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E78E700_2_00E78E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E5AE570_2_00E5AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E44E2A0_2_00E44E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA4FFA0_2_00FA4FFA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E77FC00_2_00E77FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E38FD00_2_00E38FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01003E5E0_2_01003E5E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFBF680_2_00FFBF68
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC5F0A0_2_00EC5F0A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E3AF100_2_00E3AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00E4D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00E3CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995165532178217
    Source: file.exeStatic PE information: Section: zisinevl ZLIB complexity 0.9943861674599577
    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E68220 CoCreateInstance,0_2_00E68220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1864192 > 1048576
    Source: file.exeStatic PE information: Raw size of zisinevl is bigger than: 0x100000 < 0x19da00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.e30000.0.unpack :EW;.rsrc :W;.idata :W; :EW;zisinevl:EW;oonylekf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;zisinevl:EW;oonylekf:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d09d3 should be: 0x1d507b
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: zisinevl
    Source: file.exeStatic PE information: section name: oonylekf
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01098126 push 27004CAFh; mov dword ptr [esp], esi0_2_01098155
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106A131 push ebp; mov dword ptr [esp], esi0_2_0106A150
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D5159 push eax; mov dword ptr [esp], ecx0_2_010D5181
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D5159 push 22414C70h; mov dword ptr [esp], eax0_2_010D5202
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C816C push ecx; mov dword ptr [esp], edx0_2_010C8187
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C816C push 414F2B1Ch; mov dword ptr [esp], edx0_2_010C81AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C816C push eax; mov dword ptr [esp], edi0_2_010C81BB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01072172 push 594188C5h; mov dword ptr [esp], ebp0_2_010721B9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push esi; mov dword ptr [esp], ecx0_2_0100C1A7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ecx; mov dword ptr [esp], ebx0_2_0100C231
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push esi; mov dword ptr [esp], 7A3774BFh0_2_0100C2AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], edx0_2_0100C2FC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push eax; mov dword ptr [esp], ebp0_2_0100C336
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 0C064935h; mov dword ptr [esp], edi0_2_0100C358
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push edx; mov dword ptr [esp], 7BE8C1BAh0_2_0100C40F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 28456787h; mov dword ptr [esp], ecx0_2_0100C452
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 397D3F79h; mov dword ptr [esp], esi0_2_0100C509
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ecx; mov dword ptr [esp], eax0_2_0100C529
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 65ACBF43h; mov dword ptr [esp], edx0_2_0100C5D8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebx; mov dword ptr [esp], ebp0_2_0100C5DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], ecx0_2_0100C714
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 6B586524h; mov dword ptr [esp], edi0_2_0100C7D2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 4B26A5E1h; mov dword ptr [esp], ecx0_2_0100C87B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], eax0_2_0100C885
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 3C491B1Eh; mov dword ptr [esp], ebx0_2_0100C8D1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 66F08763h; mov dword ptr [esp], edx0_2_0100C8D9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], edx0_2_0100C8F3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], 4F823803h0_2_0100C8F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push 1B6A66AAh; mov dword ptr [esp], edx0_2_0100C96F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push esi; mov dword ptr [esp], edi0_2_0100C97E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C17E push ebp; mov dword ptr [esp], 77FD5C59h0_2_0100CA16
    Source: file.exeStatic PE information: section name: entropy: 7.980274519211911
    Source: file.exeStatic PE information: section name: zisinevl entropy: 7.952850089954299

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101013B second address: 1010140 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1010279 second address: 1010284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1010284 second address: 10102A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a jmp 00007F8F60FAA5C8h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102A6 second address: 10102B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102B1 second address: 10102BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102BD second address: 10102CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102CC second address: 10102D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102D0 second address: 10102DC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60F8A966h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10102DC second address: 10102E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012B9B second address: 1012B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012B9F second address: 1012BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012BA8 second address: 1012BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pop ecx 0x0000000f nop 0x00000010 mov ecx, esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F8F60F8A968h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e call 00007F8F60F8A969h 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012BE8 second address: 1012BF9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012BF9 second address: 1012C02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012CA1 second address: 1012D01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 add dword ptr [esp], 49BDA8A1h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F8F60FAA5B8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov esi, edi 0x0000002a lea ebx, dword ptr [ebp+12452A8Ch] 0x00000030 sub dword ptr [ebp+122D562Bh], edi 0x00000036 or dword ptr [ebp+122D1928h], edx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F8F60FAA5C6h 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1012ED7 second address: 1012F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007F8F60F8A97Bh 0x00000010 nop 0x00000011 or dword ptr [ebp+122D1CC0h], esi 0x00000017 push eax 0x00000018 mov edi, dword ptr [ebp+122D389Eh] 0x0000001e pop ecx 0x0000001f push 00000000h 0x00000021 mov edi, esi 0x00000023 push 2D0EA356h 0x00000028 jmp 00007F8F60F8A96Eh 0x0000002d xor dword ptr [esp], 2D0EA3D6h 0x00000034 pushad 0x00000035 or edi, dword ptr [ebp+122D37A2h] 0x0000003b add ecx, 23D9C5CAh 0x00000041 popad 0x00000042 push 00000003h 0x00000044 mov ecx, dword ptr [ebp+122D38F6h] 0x0000004a push 00000000h 0x0000004c add dword ptr [ebp+122D562Bh], edi 0x00000052 push 00000003h 0x00000054 jmp 00007F8F60F8A96Dh 0x00000059 push 76B3B921h 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jnl 00007F8F60F8A966h 0x00000067 push eax 0x00000068 pop eax 0x00000069 popad 0x0000006a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030D69 second address: 1030D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030D6E second address: 1030D9A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F60F8A982h 0x00000008 ja 00007F8F60F8A966h 0x0000000e jmp 00007F8F60F8A976h 0x00000013 jc 00007F8F60F8A96Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030EDD second address: 1030EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030EE5 second address: 1030EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030EED second address: 1030EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60FAA5BBh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1030EFF second address: 1030F05 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10312F6 second address: 10312FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10312FA second address: 1031302 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103148E second address: 1031492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1031492 second address: 10314A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10315D9 second address: 10315E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10315E5 second address: 10315EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1031757 second address: 103175B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1031B7C second address: 1031B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1032772 second address: 103278C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F8F60FAA5BCh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1032B83 second address: 1032BA8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F8F60F8A978h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1032BA8 second address: 1032BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1038428 second address: 103843D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A970h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFCCCC second address: FFCCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFCCD0 second address: FFCCD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFCCD4 second address: FFCCDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100399F second address: 10039A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1041B62 second address: 1041B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F8F60FAA5B8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10419CF second address: 10419D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1043270 second address: 1043276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1043276 second address: 104327C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104327C second address: 104329F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60FAA5C6h 0x0000000c jng 00007F8F60FAA5B6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104329F second address: 10432B5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F8F60F8A966h 0x00000010 jl 00007F8F60F8A966h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104410D second address: 1044111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1044111 second address: 1044117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1044117 second address: 104411C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104411C second address: 1044122 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104415F second address: 1044165 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1044165 second address: 104417E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8F60F8A966h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 je 00007F8F60F8A966h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104417E second address: 104419A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F8F60FAA5B6h 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104419A second address: 10441A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8F60F8A966h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10441A4 second address: 10441A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10441A8 second address: 1044218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnc 00007F8F60F8A970h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jnp 00007F8F60F8A982h 0x0000001a pop eax 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007F8F60F8A968h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 00000015h 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 movsx edi, si 0x00000038 mov esi, dword ptr [ebp+122D1D19h] 0x0000003e push 26BB20ECh 0x00000043 pushad 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10448A0 second address: 10448B7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8F60FAA5B8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F8F60FAA5B6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10448B7 second address: 10448BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10448BB second address: 10448C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10448C1 second address: 10448CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A96Ah 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10448CF second address: 10448D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1044F13 second address: 1044F17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10450AF second address: 10450B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10450B3 second address: 10450B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045363 second address: 1045367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045367 second address: 1045387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8F60F8A976h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045443 second address: 1045471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F8F60FAA5B6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F8F60FAA5CDh 0x00000017 jmp 00007F8F60FAA5C7h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045471 second address: 1045477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045477 second address: 104547B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045522 second address: 1045526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1045526 second address: 104552C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104552C second address: 1045573 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60F8A968h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F8F60F8A968h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push esi 0x0000002a jne 00007F8F60F8A968h 0x00000030 pop edi 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 pushad 0x00000038 popad 0x00000039 popad 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10462E2 second address: 10462E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1046C68 second address: 1046C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1046C6C second address: 1046C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104800B second address: 104800F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1046C72 second address: 1046CAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnl 00007F8F60FAA5B6h 0x00000013 jmp 00007F8F60FAA5C7h 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1049475 second address: 1049494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d je 00007F8F60F8A966h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10487BE second address: 10487F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8F60FAA5C2h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 pop ecx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1049264 second address: 1049279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1049FD6 second address: 1049FDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104A7AA second address: 104A7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8F60F8A96Ch 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104DDBA second address: 104DDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104DDBE second address: 104DDC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1050C6B second address: 1050C71 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104FCB9 second address: 104FCC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60F8A966h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1050C71 second address: 1050C88 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8F60FAA5B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F8F60FAA5B6h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1050C88 second address: 1050C8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104FCC3 second address: 104FCC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1050E10 second address: 1050E15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1053D03 second address: 1053D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1053D07 second address: 1053D12 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1055B2A second address: 1055B34 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1055BE8 second address: 1055BED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056BA4 second address: 1056BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056BA9 second address: 1056BB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056BB0 second address: 1056C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F8F60FAA5B8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov ebx, edx 0x00000026 push 00000000h 0x00000028 sub bx, 9EDAh 0x0000002d push 00000000h 0x0000002f xchg eax, esi 0x00000030 pushad 0x00000031 jne 00007F8F60FAA5B8h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F8F60FAA5C8h 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1056C08 second address: 1056C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1055D0D second address: 1055D87 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F8F60FAA5B6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor ebx, 56BE8FF2h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov edi, 0EABA25Ah 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 add di, 16D4h 0x0000002b mov eax, dword ptr [ebp+122D15C5h] 0x00000031 or ebx, dword ptr [ebp+1244EF2Fh] 0x00000037 push FFFFFFFFh 0x00000039 push 00000000h 0x0000003b push edi 0x0000003c call 00007F8F60FAA5B8h 0x00000041 pop edi 0x00000042 mov dword ptr [esp+04h], edi 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc edi 0x0000004f push edi 0x00000050 ret 0x00000051 pop edi 0x00000052 ret 0x00000053 xor di, A7DAh 0x00000058 push eax 0x00000059 pushad 0x0000005a jmp 00007F8F60FAA5C8h 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105BD0B second address: 105BD1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A970h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1059F28 second address: 1059F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C0h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105BD1F second address: 105BD2A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1059F3D second address: 1059FE2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F8F60FAA5C1h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F8F60FAA5B8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b jmp 00007F8F60FAA5C3h 0x00000030 push dword ptr fs:[00000000h] 0x00000037 or dword ptr [ebp+1244DF97h], eax 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov di, 8100h 0x00000048 mov eax, dword ptr [ebp+122D1639h] 0x0000004e movsx edi, cx 0x00000051 push FFFFFFFFh 0x00000053 push 00000000h 0x00000055 push edx 0x00000056 call 00007F8F60FAA5B8h 0x0000005b pop edx 0x0000005c mov dword ptr [esp+04h], edx 0x00000060 add dword ptr [esp+04h], 00000014h 0x00000068 inc edx 0x00000069 push edx 0x0000006a ret 0x0000006b pop edx 0x0000006c ret 0x0000006d mov ebx, 0812D87Bh 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 push edx 0x00000076 pushad 0x00000077 popad 0x00000078 pop edx 0x00000079 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100883E second address: 1008842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1008842 second address: 1008848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D3D5 second address: 105D3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105C3C4 second address: 105C3CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105E424 second address: 105E48C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D3922h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F8F60F8A968h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d and bx, 0800h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F8F60F8A968h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e mov ebx, ecx 0x00000050 push eax 0x00000051 pushad 0x00000052 jp 00007F8F60F8A968h 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1006E12 second address: 1006E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063CE2 second address: 1063CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063CE6 second address: 1063CF2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1063CF2 second address: 1063CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067D2C second address: 1067D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067D36 second address: 1067D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067D45 second address: 1067D64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jno 00007F8F60FAA5B6h 0x00000011 jnc 00007F8F60FAA5B6h 0x00000017 pop esi 0x00000018 popad 0x00000019 pushad 0x0000001a push esi 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10674B0 second address: 10674B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10674B5 second address: 10674C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10674C0 second address: 10674C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10674C4 second address: 10674C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10675EC second address: 10675F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10675F0 second address: 1067640 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F8F60FAA5BFh 0x00000012 popad 0x00000013 jnl 00007F8F60FAA5BEh 0x00000019 pushad 0x0000001a push edi 0x0000001b pop edi 0x0000001c jmp 00007F8F60FAA5C7h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1067640 second address: 106764D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8F60F8A966h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106764D second address: 1067651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 106CB62 second address: 106CB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F8F60F8A96Eh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jp 00007F8F60F8A966h 0x00000018 pop eax 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071A23 second address: 1071A4B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60FAA5B6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007F8F60FAA5C8h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071A4B second address: 1071A4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071A4F second address: 1071AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F8F60FAA5C4h 0x00000015 pushad 0x00000016 popad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a jnp 00007F8F60FAA5CBh 0x00000020 jmp 00007F8F60FAA5C5h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071AA2 second address: 1071AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071AA8 second address: 1071AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071BF3 second address: 1071BFD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60F8A96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071D84 second address: 1071D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071D90 second address: 1071D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071ED6 second address: 1071F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F8F60FAA5BEh 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e js 00007F8F60FAA5BCh 0x00000014 jp 00007F8F60FAA5B6h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8F60FAA5C7h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071F14 second address: 1071F23 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1071F23 second address: 1071F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F8F60FAA5BDh 0x0000000d jno 00007F8F60FAA5B6h 0x00000013 push edx 0x00000014 pop edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072217 second address: 1072222 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10723D9 second address: 10723DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10723DF second address: 10723E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072541 second address: 1072547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1072547 second address: 1072574 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8F60F8A975h 0x0000000d push edi 0x0000000e jmp 00007F8F60F8A96Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077989 second address: 1077995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077995 second address: 107799B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107799B second address: 10779A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A3E4 second address: 100A3EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 100A3EC second address: 100A3F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10766F7 second address: 10766FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10766FF second address: 1076719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BDh 0x00000009 js 00007F8F60FAA5B6h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1076887 second address: 107688B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1076C7F second address: 1076C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1076C85 second address: 1076C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8F60F8A966h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1076C93 second address: 1076C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10770D2 second address: 1077111 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F8F60F8A966h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 je 00007F8F60F8A96Eh 0x00000017 je 00007F8F60F8A972h 0x0000001d push eax 0x0000001e push edx 0x0000001f jp 00007F8F60F8A966h 0x00000025 jns 00007F8F60F8A966h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107725E second address: 107726A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077693 second address: 1077699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1077699 second address: 10776B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10776B5 second address: 10776EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8F60F8A966h 0x00000009 jmp 00007F8F60F8A974h 0x0000000e jmp 00007F8F60F8A96Dh 0x00000013 je 00007F8F60F8A966h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10776EC second address: 10776FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60FAA5B6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10776FA second address: 1077702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D66 second address: FF7D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D6C second address: FF7D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D72 second address: FF7D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D77 second address: FF7D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A975h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D92 second address: FF7D9B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF7D9B second address: FF7DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104BB48 second address: 104BB5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104BB5A second address: 102A511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jnl 00007F8F60F8A970h 0x00000011 add dword ptr [ebp+1247D3F0h], edx 0x00000017 lea eax, dword ptr [ebp+1248B8FCh] 0x0000001d add dword ptr [ebp+122D17F0h], edx 0x00000023 push eax 0x00000024 jmp 00007F8F60F8A977h 0x00000029 mov dword ptr [esp], eax 0x0000002c mov di, 4D07h 0x00000030 call dword ptr [ebp+122D34F9h] 0x00000036 pushad 0x00000037 pushad 0x00000038 jmp 00007F8F60F8A974h 0x0000003d push esi 0x0000003e pop esi 0x0000003f js 00007F8F60F8A966h 0x00000045 push ecx 0x00000046 pop ecx 0x00000047 popad 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C045 second address: E93A50 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ecx, dword ptr [ebp+122D37CEh] 0x00000014 push dword ptr [ebp+122D02F1h] 0x0000001a mov dh, 4Ch 0x0000001c call dword ptr [ebp+122D1A68h] 0x00000022 pushad 0x00000023 mov dword ptr [ebp+122D2D00h], eax 0x00000029 xor eax, eax 0x0000002b mov dword ptr [ebp+122D2D00h], edi 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 je 00007F8F60FAA5BCh 0x0000003b mov dword ptr [ebp+122D25CCh], ebx 0x00000041 mov dword ptr [ebp+122D3762h], eax 0x00000047 jmp 00007F8F60FAA5C2h 0x0000004c mov esi, 0000003Ch 0x00000051 pushad 0x00000052 push edi 0x00000053 jnl 00007F8F60FAA5B6h 0x00000059 pop edx 0x0000005a mov edx, dword ptr [ebp+122D392Eh] 0x00000060 popad 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 pushad 0x00000066 mov dl, ch 0x00000068 mov ecx, 22CD75BDh 0x0000006d popad 0x0000006e lodsw 0x00000070 js 00007F8F60FAA5C4h 0x00000076 pushad 0x00000077 jno 00007F8F60FAA5B6h 0x0000007d xor dword ptr [ebp+122D2D00h], ebx 0x00000083 popad 0x00000084 add eax, dword ptr [esp+24h] 0x00000088 jmp 00007F8F60FAA5C3h 0x0000008d or dword ptr [ebp+122D1B1Dh], edx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 clc 0x00000098 sub dword ptr [ebp+122D1B1Dh], ebx 0x0000009e push eax 0x0000009f push eax 0x000000a0 push edx 0x000000a1 jmp 00007F8F60FAA5BBh 0x000000a6 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C208 second address: 104C211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C50C second address: 104C510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C655 second address: 104C664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C664 second address: 104C674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104CA63 second address: 104CA75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104CA75 second address: 104CA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104CA7A second address: 104CA84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8F60F8A966h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104CA84 second address: 104CA88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104CD84 second address: 104CD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102B050 second address: 102B0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C9h 0x00000007 jmp 00007F8F60FAA5C4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jbe 00007F8F60FAA5CAh 0x00000014 jmp 00007F8F60FAA5C2h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jno 00007F8F60FAA5B6h 0x00000025 push edx 0x00000026 pop edx 0x00000027 pushad 0x00000028 popad 0x00000029 popad 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102B0AA second address: 102B0AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107AEC8 second address: 107AEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107AEDB second address: 107AEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107AEDF second address: 107AEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107B062 second address: 107B066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107B455 second address: 107B45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 107B45B second address: 107B460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085977 second address: 108597F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108597F second address: 10859AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Ch 0x00000009 jmp 00007F8F60F8A976h 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10859AD second address: 10859D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8F60FAA5BBh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085B38 second address: 1085B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085B3E second address: 1085B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F8F60FAA5B6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085B4B second address: 1085B60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8F60F8A96Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085B60 second address: 1085B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007F8F60FAA5B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085B6E second address: 1085B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085D08 second address: 1085D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1085FBC second address: 1085FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108611D second address: 1086141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jng 00007F8F60FAA5CDh 0x0000000d jne 00007F8F60FAA5B6h 0x00000013 jmp 00007F8F60FAA5C1h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10862D7 second address: 10862DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10862DD second address: 10862E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10862E1 second address: 10862E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10862E5 second address: 1086305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007F8F60FAA5CEh 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F8F60FAA5B6h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086305 second address: 1086309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086309 second address: 108630F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086854 second address: 108685A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108685A second address: 1086879 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60FAA5B6h 0x00000008 jmp 00007F8F60FAA5C1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086879 second address: 108687D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10869DC second address: 1086A03 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5CEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F8F60FAA5C6h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086A03 second address: 1086A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086E17 second address: 1086E31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8F60FAA5C4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086E31 second address: 1086E57 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jp 00007F8F60F8A966h 0x00000009 jns 00007F8F60F8A966h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8F60F8A974h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086E57 second address: 1086E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1086E5B second address: 1086E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F8F60F8A982h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108A605 second address: 108A62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C8h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F8F60FAA5B6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108A62C second address: 108A63A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108A63A second address: 108A64B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BBh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108CBE7 second address: 108CBEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108CE81 second address: 108CE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108CE85 second address: 108CE92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 108F26F second address: 108F283 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109437B second address: 109437F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109437F second address: 1094383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10947DE second address: 10947E8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F60F8A96Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C849 second address: 104C8E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jo 00007F8F60FAA5BCh 0x00000012 mov ecx, dword ptr [ebp+122D19CDh] 0x00000018 mov ebx, dword ptr [ebp+1248B93Bh] 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007F8F60FAA5B8h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 mov dword ptr [ebp+1244DF97h], eax 0x0000003e add eax, ebx 0x00000040 mov dword ptr [ebp+124823EEh], edi 0x00000046 mov edx, dword ptr [ebp+122D370Eh] 0x0000004c push eax 0x0000004d jmp 00007F8F60FAA5C9h 0x00000052 mov dword ptr [esp], eax 0x00000055 jmp 00007F8F60FAA5BCh 0x0000005a mov ecx, dword ptr [ebp+122D38CAh] 0x00000060 push 00000004h 0x00000062 push eax 0x00000063 pushad 0x00000064 je 00007F8F60FAA5BCh 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C8E8 second address: 104C8F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 104C8F0 second address: 104C8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1094A5B second address: 1094A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10982F5 second address: 10982FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1097AA2 second address: 1097AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1098080 second address: 1098086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BE35 second address: 109BE4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A970h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BE4A second address: 109BE50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BE50 second address: 109BE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60F8A977h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BE70 second address: 109BE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BE74 second address: 109BEBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A978h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnp 00007F8F60F8A972h 0x00000014 ja 00007F8F60F8A966h 0x0000001a jc 00007F8F60F8A966h 0x00000020 jmp 00007F8F60F8A96Dh 0x00000025 push ecx 0x00000026 push edx 0x00000027 pop edx 0x00000028 pop ecx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109BEBC second address: 109BEC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FFB2F4 second address: FFB301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B187 second address: 109B18F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B18F second address: 109B199 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B199 second address: 109B19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B315 second address: 109B348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 js 00007F8F60F8A96Eh 0x0000000b push edx 0x0000000c pop edx 0x0000000d jns 00007F8F60F8A966h 0x00000013 push eax 0x00000014 push edx 0x00000015 ja 00007F8F60F8A966h 0x0000001b jmp 00007F8F60F8A978h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B492 second address: 109B496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 109B5C1 second address: 109B5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8F60F8A966h 0x0000000d jmp 00007F8F60F8A96Ah 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A4488 second address: 10A44A0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8F60FAA5B6h 0x00000008 jo 00007F8F60FAA5B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jg 00007F8F60FAA5B6h 0x00000017 pop edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF6214 second address: FF6266 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F60F8A96Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c jmp 00007F8F60F8A975h 0x00000011 pop ebx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F8F60F8A96Ch 0x0000001a popad 0x0000001b push ebx 0x0000001c jno 00007F8F60F8A966h 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 pop ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 jng 00007F8F60F8A966h 0x0000002d jnc 00007F8F60F8A966h 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF6266 second address: FF626A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A2587 second address: 10A25BF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8F60F8A977h 0x00000008 pop ecx 0x00000009 jmp 00007F8F60F8A977h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A30FE second address: 10A3103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A3103 second address: 10A312B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60F8A966h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 js 00007F8F60F8A966h 0x00000018 jns 00007F8F60F8A966h 0x0000001e popad 0x0000001f pushad 0x00000020 ja 00007F8F60F8A966h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A312B second address: 10A313E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A313E second address: 10A3143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A3143 second address: 10A3156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A3C1B second address: 10A3C37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A978h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A4170 second address: 10A4178 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A4178 second address: 10A418B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F8F60F8A966h 0x00000009 jnl 00007F8F60F8A966h 0x0000000f pop esi 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A418B second address: 10A4191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A9EBA second address: 10A9ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop esi 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8F60F8A96Ah 0x00000016 pop esi 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10A9ED6 second address: 10A9EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007F8F60FAA5B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ADAD9 second address: 10ADADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ADADD second address: 10ADAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ADAF2 second address: 10ADB10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A970h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A96Ah 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ACE52 second address: 10ACE8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F8F60FAA5C9h 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ACE8B second address: 10ACE99 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 je 00007F8F60F8A966h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ACE99 second address: 10ACE9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ACFDB second address: 10ACFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10ACFE0 second address: 10AD00A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F8F60FAA5C2h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AD1E8 second address: 10AD202 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60F8A966h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F8F60F8A96Eh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AD369 second address: 10AD36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AD36D second address: 10AD38C instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8F60F8A972h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AD4F3 second address: 10AD4F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B6D72 second address: 10B6D76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BD5D3 second address: 10BD5D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BD5D7 second address: 10BD5E1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10C80F5 second address: 10C80F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CBAFF second address: 10CBB1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8F60F8A966h 0x0000000a jmp 00007F8F60F8A96Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F8F60F8A966h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CBB1E second address: 10CBB24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CBB24 second address: 10CBB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CBB39 second address: 10CBB45 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF9856 second address: FF9873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A974h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF9873 second address: FF9879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF9879 second address: FF987D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF987D second address: FF9881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10CB9A4 second address: 10CB9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jnp 00007F8F60F8A966h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DF13D second address: 10DF147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8F60FAA5B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DF147 second address: 10DF156 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jp 00007F8F60F8A966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DF156 second address: 10DF165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10DF165 second address: 10DF169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E914D second address: 10E9151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E9151 second address: 10E9155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7D1E second address: 10E7D22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7E82 second address: 10E7E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F8F60F8A966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7E91 second address: 10E7E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8130 second address: 10E8141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8F60F8A96Ch 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E8141 second address: 10E8165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F8F60FAA5B6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF684 second address: 10EF688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF688 second address: 10EF68C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF68C second address: 10EF698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF698 second address: 10EF6A2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF24D second address: 10EF258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60F8A966h 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF258 second address: 10EF25D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF25D second address: 10EF279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8F60F8A966h 0x0000000a pop esi 0x0000000b pushad 0x0000000c jnp 00007F8F60F8A966h 0x00000012 jbe 00007F8F60F8A966h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF39C second address: 10EF3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BCh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF3B2 second address: 10EF3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A978h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8F60F8A970h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF3E2 second address: 10EF3EF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5B8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F0CBD second address: 10F0CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB6B4 second address: 10FB6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB6BA second address: 10FB6D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8F60F8A96Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F8F60F8A966h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB6D9 second address: 10FB6E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1102AA5 second address: 1102AAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F680 second address: 110F684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F684 second address: 110F68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F68A second address: 110F692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F692 second address: 110F69F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110F7D8 second address: 110F7DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1128366 second address: 112837D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A973h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11271BA second address: 11271DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8F60FAA5C3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11271DA second address: 11271E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127370 second address: 1127376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127376 second address: 1127390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A96Bh 0x0000000e jnc 00007F8F60F8A966h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127390 second address: 11273A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F60FAA5B6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F8F60FAA5BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11277B0 second address: 11277C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60F8A96Ah 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127A89 second address: 1127AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F8F60FAA5C2h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jnp 00007F8F60FAA5B6h 0x00000012 popad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8F60FAA5C8h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127AC4 second address: 1127AC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127D4A second address: 1127D5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127D5C second address: 1127D79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A978h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127EC5 second address: 1127F04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jnp 00007F8F60FAA5B8h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 push esi 0x00000015 pop esi 0x00000016 push edx 0x00000017 pop edx 0x00000018 jmp 00007F8F60FAA5BBh 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8F60FAA5C4h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127F04 second address: 1127F08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1127F08 second address: 1127F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112805A second address: 112806B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112806B second address: 112806F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112806F second address: 1128079 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1128079 second address: 112808C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60FAA5BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1129A6D second address: 1129A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F8F60F8A966h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1129A7C second address: 1129A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C565 second address: 112C5A8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor dword ptr [ebp+122D1847h], eax 0x00000011 push 00000004h 0x00000013 jmp 00007F8F60F8A96Dh 0x00000018 stc 0x00000019 call 00007F8F60F8A969h 0x0000001e push eax 0x0000001f push edx 0x00000020 jne 00007F8F60F8A977h 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C5A8 second address: 112C608 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8F60FAA5C0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F8F60FAA5C7h 0x00000014 jng 00007F8F60FAA5C7h 0x0000001a jmp 00007F8F60FAA5C1h 0x0000001f popad 0x00000020 mov eax, dword ptr [esp+04h] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8F60FAA5C1h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C608 second address: 112C63D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A974h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8F60F8A978h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C807 second address: 112C80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C80C second address: 112C8F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A972h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F8F60F8A976h 0x00000010 jnc 00007F8F60F8A968h 0x00000016 popad 0x00000017 nop 0x00000018 call 00007F8F60F8A977h 0x0000001d add dh, 00000073h 0x00000020 pop edx 0x00000021 push dword ptr [ebp+122D2089h] 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007F8F60F8A968h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 0000001Bh 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 sub dword ptr [ebp+122D1A14h], ebx 0x00000047 call 00007F8F60F8A969h 0x0000004c jnc 00007F8F60F8A97Fh 0x00000052 push eax 0x00000053 jmp 00007F8F60F8A975h 0x00000058 mov eax, dword ptr [esp+04h] 0x0000005c jg 00007F8F60F8A973h 0x00000062 mov eax, dword ptr [eax] 0x00000064 je 00007F8F60F8A974h 0x0000006a push eax 0x0000006b push edx 0x0000006c jp 00007F8F60F8A966h 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112C8F3 second address: 112C914 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push edi 0x0000000c jmp 00007F8F60FAA5C0h 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30B4F second address: 4C30B79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8F60F8A96Dh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30B79 second address: 4C30B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30B7E second address: 4C30C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e jmp 00007F8F60F8A96Bh 0x00000013 popad 0x00000014 jns 00007F8F60F8A9D9h 0x0000001a jmp 00007F8F60F8A976h 0x0000001f add eax, ecx 0x00000021 pushad 0x00000022 call 00007F8F60F8A96Eh 0x00000027 pushfd 0x00000028 jmp 00007F8F60F8A972h 0x0000002d and cx, ED08h 0x00000032 jmp 00007F8F60F8A96Bh 0x00000037 popfd 0x00000038 pop eax 0x00000039 pushfd 0x0000003a jmp 00007F8F60F8A979h 0x0000003f jmp 00007F8F60F8A96Bh 0x00000044 popfd 0x00000045 popad 0x00000046 mov eax, dword ptr [eax+00000860h] 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F8F60F8A975h 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C2E second address: 4C30C4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C4B second address: 4C30C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C4F second address: 4C30C62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C62 second address: 4C30C68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C68 second address: 4C30C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C30C6C second address: 4C30C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F8FD2F60A51h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8F60F8A96Ah 0x00000015 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E93A9B instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 10384EB instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 1036AC3 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 1063D3D instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E939D0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5056Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.1510744552.00000000008FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
    Source: file.exe, 00000000.00000003.1497664141.0000000000953000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.0000000000953000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E75BB0 LdrInitializeThunk,0_2_00E75BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exe, file.exe, 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: XProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook5
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      sergei-esenin.com
      		172.67.206.204
      		truetrue
        		unknown
        default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        		84.201.210.22
        		truefalse
          		unknown
          eaglepawnoy.store
          		unknown
          		unknowntrue
            		unknown
            bathdoomgaz.store
            		unknown
            		unknowntrue
              		unknown
              spirittunek.store
              		unknown
              		unknowntrue
                		unknown
                licendfilteo.site
                		unknown
                		unknowntrue
                  		unknown
                  studennotediw.store
                  		unknown
                  		unknowntrue
                    		unknown
                    mobbipenju.store
                    		unknown
                    		unknowntrue
                      		unknown
                      clearancek.site
                      		unknown
                      		unknowntrue
                        		unknown
                        dissapoiznw.store
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          dissapoiznw.storectrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            eaglepawnoy.storectrue
                              		unknown
                              spirittunek.storectrue
                                		unknown
                                studennotediw.storectrue
                                  		unknown
                                  licendfilteo.sitectrue
                                    		unknown
                                    clearancek.sitetrue
                                      		unknown
                                      bathdoomgaz.storectrue
                                        		unknown
                                        mobbipenju.storetrue
                                          		unknown
                                          https://sergei-esenin.com/apitrue
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://player.vimeo.comfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://sergei-esenin.com/file.exe, 00000000.00000003.1486468820.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497588665.0000000000986000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.0000000000973000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1511007662.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.0000000000972000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.youtube.comfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.google.comfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://s.ytimg.com;file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://steam.tv/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://licendfilteo.site:443/apifile.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://sketchfab.comfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://lv.queniujq.cnfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486553065.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmptrue
                                                              • URL Reputation: malware
                                                              		unknown
                                                              https://www.youtube.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://www.google.com/recaptcha/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://checkout.steampowered.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/;file.exe, 00000000.00000003.1486574827.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engfile.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://steamcommunity.com/market/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://store.steampowered.com/news/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://store.steampowered.com/stats/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://medal.tvfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://login.steampowered.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://store.steampowered.com/legal/file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://licendfilteo.site/apifile.exe, 00000000.00000003.1497664141.000000000093E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.000000000093E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://recaptcha.netfile.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://store.steampowered.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://127.0.0.1:27060file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://spirittunek.store:443/apifile.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://help.steampowered.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://api.steampowered.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://steamcommunity.com/file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                        • URL Reputation: malware
                                                                                                        		unknown

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        104.102.49.254
                                                                                                        		steamcommunity.comUnited States
                                                                                                        		16625AKAMAI-ASUSfalse
                                                                                                        172.67.206.204
                                                                                                        		sergei-esenin.comUnited States
                                                                                                        		13335CLOUDFLARENETUStrue

                                                                                                        General Information

                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1529190
                                                                                                        Start date and time:2024-10-08 18:25:10 +02:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 3m 5s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:2
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:file.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:Failed
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 4.245.163.56
                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: file.exe

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        TimeTypeDescription
                                                                                                        12:26:11API Interceptor2x Sleep call for process: file.exe modified

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                        • www.valvesoftware.com/legal.htm
                                                                                                        172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                              lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                                                                j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                                                                                  SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exeGet hashmaliciousLummaCBrowse
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          SecuriteInfo.com.Win32.Evo-gen.11282.4102.exeGet hashmaliciousLummaCBrowse

                                                                                                                            Domains

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comhttps://ipfs.io/ipfs/QmNRP5R9QkxB8MVgk2kWzrmB6GoTVL3gcLheGnJuUDPaXv?filename=forme.html#jstubblefield@securustechnologies.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            20fUAMt5dL.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            https://Vv.ndlevesio.com/vrbU/Get hashmaliciousUnknownBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            https://ipp.safetyworksolutions.com/Get hashmaliciousUnknownBrowse
                                                                                                                            • 84.201.210.36
                                                                                                                            REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exeGet hashmaliciousAsyncRAT, StormKitty, VenomRATBrowse
                                                                                                                            • 84.201.210.34
                                                                                                                            https://pub-3432fdbad0cc4319a435ac6e41d4a0f1.r2.dev/scrpt.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 217.20.57.39
                                                                                                                            http://hiotdakia.wixsite.com/p-a-y-h-2-o/blank/Get hashmaliciousUnknownBrowse
                                                                                                                            • 217.20.57.34
                                                                                                                            http://pub-21beea42d44e4f0e83b5336b9ac3900a.r2.dev/woosf.htmlGet hashmaliciousUnknownBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            https://replybb.wixstudio.io/my-siteGet hashmaliciousUnknownBrowse
                                                                                                                            • 217.20.57.18
                                                                                                                            sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.21.53.8
                                                                                                                            j8zJ5Jwja4.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.206.204
                                                                                                                            steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            15PylGQjzK.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            Ji7kZhlqxz.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 23.192.247.89
                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254

                                                                                                                            ASNs

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            CLOUDFLARENETUShttp://email-tracking.jotelulu.com/c/eJx0yjFyhSAQANDTQBeHXVaFgiKN90B29ZMQdRCSGU-fyQFSv8dhHdmSlgAzOjIEnvQrgLeSVgTrMPlRmBmtoMA2-W1NE-gc0CCBMQ4mmCwNntfkeJxnEYpuc4rMx9mk9NKHdH7pEl6tXbey7woXhUvNdyySj17b8xcULj_XWz5S6Sy3wqXVmD7zsSu0u9R8D5dUeRSZ_YxxOOuua_gHvgP-BgAA__-1WEObGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 104.17.25.14
                                                                                                                            https://hnt.zkg.mybluehost.me/CA/LETGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 104.17.25.14
                                                                                                                            https://salesf54b.myportfolio.com/Get hashmaliciousUnknownBrowse
                                                                                                                            • 104.21.30.116
                                                                                                                            https://1drv.ms/w/c/3e7c84f1a590a3e6/IQStDJr3bMEwQZDK5oU6uNI1AXa25ZxVanY0bWjgRrRk-d4Get hashmaliciousUnknownBrowse
                                                                                                                            • 104.18.36.155
                                                                                                                            paymentremittanceinformationCQDM.htmlGet hashmaliciousUnknownBrowse
                                                                                                                            • 104.17.25.14
                                                                                                                            Y1ZqkGzvKm.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            • 188.114.96.3
                                                                                                                            Y1ZqkGzvKm.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                            • 188.114.97.3
                                                                                                                            E_receipt.vbsGet hashmaliciousUnknownBrowse
                                                                                                                            • 188.114.96.3
                                                                                                                            https://ipfs.io/ipfs/QmNRP5R9QkxB8MVgk2kWzrmB6GoTVL3gcLheGnJuUDPaXv?filename=forme.html#jstubblefield@securustechnologies.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 104.17.25.14
                                                                                                                            EY10AIvC8B.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            • 188.114.96.3
                                                                                                                            AKAMAI-ASUShttps://hnt.zkg.mybluehost.me/CA/LETGet hashmaliciousHTMLPhisherBrowse
                                                                                                                            • 23.38.98.79
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            15PylGQjzK.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            Ji7kZhlqxz.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 23.192.247.89
                                                                                                                            original (3).emlGet hashmaliciousUnknownBrowse
                                                                                                                            • 184.28.90.27
                                                                                                                            https://support.squarespacrenewel.retroestyle.com/?DTYUI0=RTDM45Get hashmaliciousUnknownBrowse
                                                                                                                            • 23.38.98.78
                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254

                                                                                                                            JA3 Fingerprints

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            Y1ZqkGzvKm.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            Y1ZqkGzvKm.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            E_receipt.vbsGet hashmaliciousUnknownBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            EY10AIvC8B.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            15PylGQjzK.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            Ji7kZhlqxz.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            90g7XddjcS.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204
                                                                                                                            90g7XddjcS.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 104.102.49.254
                                                                                                                            • 172.67.206.204

                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            No created / dropped files found

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Entropy (8bit):7.947817645978246
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:file.exe
                                                                                                                            File size:1'864'192 bytes
                                                                                                                            MD5:59c457152e84c2e83bb22799dda88a9d
                                                                                                                            SHA1:bdff2120b60a7f4aa314fa2b4bb9d17b6e08ad40
                                                                                                                            SHA256:9ebca3ec6dfea0b0b7651f739ee00adc72de0984a943f855bb5cde41198cc4bf
                                                                                                                            SHA512:1da0579290180a9809a32716e0845c94b26f104d3d8d9fe124d5869f865336f534406730b68e866d324f7b3d7b1d27b3a9a0c3c1264ea5b2fdbf018e4073b16b
                                                                                                                            SSDEEP:49152:BdD8WCxH5akhNWgErUYe0mZ5VWPh0LvSkvlH0ESL:BdKhcjgYe0mZ5VWp0xlH0ESL
                                                                                                                            TLSH:018533C24C3998CBDA5DD2721A775A0539FE9C08AFED8EB75B41E54A923F7044870A0E
                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@...........................J...........@.................................W...k..

                                                                                                                            File Icon

                                                                                                                            Icon Hash:00928e8e8686b000

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x8a8000
                                                                                                                            Entrypoint Section:.taggant
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:6
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:6
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:6
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            jmp 00007F8F60D9E96Ah

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            0x10000x5d0000x25e002c491684f908031d16dc3f1738b3c594False0.9995165532178217data7.980274519211911IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            0x600000x2a90000x20088efdc74880948ea3761db9ffa60ff53unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            zisinevl0x3090000x19e0000x19da001a23a350a8eb8d0e2108f43b9775dcb1False0.9943861674599577data7.952850089954299IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            oonylekf0x4a70000x10000x40018ae18e72f0850780e10ac1076d897e9False0.712890625data5.699022835193652IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .taggant0x4a80000x30000x22008b38c5ec83a0941c60a7b6ddedbd8cb3False0.07169117647058823DOS executable (COM)0.8965012014997037IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            kernel32.dlllstrcpy

                                                                                                                            Network Behavior

                                                                                                                            Suricata IDS Alerts

                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                            2024-10-08T18:26:12.487207+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.8539551.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.645146+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.8565711.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.657848+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.8628961.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.671354+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.8609341.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.683577+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.8602421.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.695838+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.8499521.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.710424+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.8497201.1.1.153UDP
                                                                                                                            2024-10-08T18:26:12.724973+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.8521691.1.1.153UDP
                                                                                                                            2024-10-08T18:26:15.600066+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.849708172.67.206.204443TCP
                                                                                                                            2024-10-08T18:26:15.600066+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.849708172.67.206.204443TCP

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 8, 2024 18:26:12.755258083 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:12.755283117 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.755404949 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:12.758918047 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:12.758941889 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:13.580532074 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:13.580607891 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:13.584486008 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:13.584491968 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:13.584907055 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:13.631926060 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:13.654537916 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:13.695446968 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.396946907 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.396981001 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.397015095 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.397027969 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.397037029 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.397037029 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.397044897 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.397053003 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.397061110 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.397094011 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.397113085 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.494412899 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.494469881 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.494555950 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.494570971 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.494601011 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.494621038 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.499572039 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.499644041 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.499651909 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.499685049 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.499685049 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.499723911 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.500682116 CEST49707443192.168.2.8104.102.49.254
                                                                                                                            Oct 8, 2024 18:26:14.500695944 CEST44349707104.102.49.254192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.557157040 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:14.557188988 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.557251930 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:14.557580948 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:14.557595968 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.029171944 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.029321909 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.036698103 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.036720991 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.037111044 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.038435936 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.038454056 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.038535118 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.600085974 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.600200891 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.600255013 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.600543022 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.600557089 CEST44349708172.67.206.204192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:15.600574017 CEST49708443192.168.2.8172.67.206.204
                                                                                                                            Oct 8, 2024 18:26:15.600579977 CEST44349708172.67.206.204192.168.2.8

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 8, 2024 18:26:12.487206936 CEST5395553192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.640232086 CEST53539551.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.645145893 CEST5657153192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.655977011 CEST53565711.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.657847881 CEST6289653192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.668453932 CEST53628961.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.671354055 CEST6093453192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.680959940 CEST53609341.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.683577061 CEST6024253192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.694405079 CEST53602421.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.695837975 CEST4995253192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.707730055 CEST53499521.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.710423946 CEST4972053192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.722259998 CEST53497201.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.724972963 CEST5216953192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.736680031 CEST53521691.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:12.741767883 CEST6305253192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:12.749639034 CEST53630521.1.1.1192.168.2.8
                                                                                                                            Oct 8, 2024 18:26:14.518862963 CEST5218553192.168.2.81.1.1.1
                                                                                                                            Oct 8, 2024 18:26:14.555327892 CEST53521851.1.1.1192.168.2.8

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                            Oct 8, 2024 18:26:12.487206936 CEST192.168.2.81.1.1.10x8696Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.645145893 CEST192.168.2.81.1.1.10xd0fdStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.657847881 CEST192.168.2.81.1.1.10x6385Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.671354055 CEST192.168.2.81.1.1.10x813aStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.683577061 CEST192.168.2.81.1.1.10xbf5bStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.695837975 CEST192.168.2.81.1.1.10xd999Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.710423946 CEST192.168.2.81.1.1.10x6ca2Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.724972963 CEST192.168.2.81.1.1.10x22d6Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.741767883 CEST192.168.2.81.1.1.10xd756Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:14.518862963 CEST192.168.2.81.1.1.10xf38eStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Oct 8, 2024 18:26:12.640232086 CEST1.1.1.1192.168.2.80x8696Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.655977011 CEST1.1.1.1192.168.2.80xd0fdName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.668453932 CEST1.1.1.1192.168.2.80x6385Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.680959940 CEST1.1.1.1192.168.2.80x813aName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.694405079 CEST1.1.1.1192.168.2.80xbf5bName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.707730055 CEST1.1.1.1192.168.2.80xd999Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.722259998 CEST1.1.1.1192.168.2.80x6ca2Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.736680031 CEST1.1.1.1192.168.2.80x22d6Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:12.749639034 CEST1.1.1.1192.168.2.80xd756No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:14.555327892 CEST1.1.1.1192.168.2.80xf38eNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:14.555327892 CEST1.1.1.1192.168.2.80xf38eNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.22A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.20A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.23A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.22A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.21A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.41A (IP address)IN (0x0001)false
                                                                                                                            Oct 8, 2024 18:26:24.499320030 CEST1.1.1.1192.168.2.80xebc3No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.40A (IP address)IN (0x0001)false

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • steamcommunity.com
                                                                                                                            • sergei-esenin.com

                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            0192.168.2.849707104.102.49.2544435084C:\Users\user\Desktop\file.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-10-08 16:26:13 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                            Connection: Keep-Alive
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                            Host: steamcommunity.com
                                                                                                                            2024-10-08 16:26:14 UTC1870INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Date: Tue, 08 Oct 2024 16:26:14 GMT
                                                                                                                            Content-Length: 34837
                                                                                                                            Connection: close
                                                                                                                            Set-Cookie: sessionid=67d3c020a5ac9a2c1f192620; Path=/; Secure; SameSite=None
                                                                                                                            Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                            2024-10-08 16:26:14 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                            2024-10-08 16:26:14 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                            Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                            2024-10-08 16:26:14 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                            Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                            2024-10-08 16:26:14 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                            Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            1192.168.2.849708172.67.206.2044435084C:\Users\user\Desktop\file.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-10-08 16:26:15 UTC264OUTPOST /api HTTP/1.1
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                            Content-Length: 8
                                                                                                                            Host: sergei-esenin.com
                                                                                                                            2024-10-08 16:26:15 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                            Data Ascii: act=life
                                                                                                                            2024-10-08 16:26:15 UTC793INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 08 Oct 2024 16:26:15 GMT
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Set-Cookie: PHPSESSID=j54enmr0ovslpkjn2qh514muqp; expires=Sat, 01 Feb 2025 10:12:54 GMT; Max-Age=9999999; path=/
                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                            Pragma: no-cache
                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                            vary: accept-encoding
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=disS8G03BmLxD9NB9ShV3jAhGwIRhLhWQaifD%2F2aoyEv3qVXl8G6BFZ1Oy828dF9x0cNR2ofxjxD1OhQLBTmiNCdjqT3gt40gzztzTUtZVjFZXuW9K2LiNp774wNC0hQiqnVtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8cf77dd46b4443c3-EWR
                                                                                                                            2024-10-08 16:26:15 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                            Data Ascii: aerror #D12
                                                                                                                            2024-10-08 16:26:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:12:26:08
                                                                                                                            Start date:08/10/2024
                                                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                            Imagebase:0xe30000
                                                                                                                            File size:1'864'192 bytes
                                                                                                                            MD5 hash:59C457152E84C2E83BB22799DDA88A9D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:0.8%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:74.4%
                                                                                                                              Total number of Nodes:39
                                                                                                                              Total number of Limit Nodes:3
                                                                                                                              execution_graph 21123 e3d110 21125 e3d119 21123->21125 21124 e3d2ee ExitProcess 21125->21124 21117 e73202 RtlAllocateHeap 21126 e3edb5 21127 e3edd0 21126->21127 21127->21127 21130 e3fca0 21127->21130 21133 e3fcdc 21130->21133 21131 e3ef70 21133->21131 21134 e73220 21133->21134 21135 e732a2 RtlFreeHeap 21134->21135 21136 e732ac 21134->21136 21137 e73236 21134->21137 21135->21136 21136->21131 21137->21135 21143 e799d0 21145 e799f5 21143->21145 21144 e79b0e 21147 e79a5f 21145->21147 21149 e75bb0 LdrInitializeThunk 21145->21149 21147->21144 21150 e75bb0 LdrInitializeThunk 21147->21150 21149->21147 21150->21144 21118 e6d9cb 21119 e6d9fb 21118->21119 21119->21119 21120 e6da65 21119->21120 21122 e75bb0 LdrInitializeThunk 21119->21122 21122->21119 21156 e764b8 21157 e763f2 21156->21157 21158 e7646e 21157->21158 21160 e75bb0 LdrInitializeThunk 21157->21160 21160->21158 21161 e4049b 21165 e40227 21161->21165 21162 e40455 21164 e75700 2 API calls 21162->21164 21166 e40308 21164->21166 21165->21162 21165->21166 21167 e75700 21165->21167 21168 e75797 21167->21168 21169 e7578c 21167->21169 21170 e7571b 21167->21170 21173 e75729 21167->21173 21171 e73220 RtlFreeHeap 21168->21171 21169->21162 21170->21168 21170->21169 21170->21173 21171->21169 21172 e75776 RtlReAllocateHeap 21172->21169 21173->21172

                                                                                                                              Executed Functions

                                                                                                                              Function 00E3FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 25 e3fca0-e3fcda 26 e3fd0b-e3fe22 25->26 27 e3fcdc-e3fcdf 25->27 29 e3fe24 26->29 30 e3fe5b-e3fe8c 26->30 28 e3fce0-e3fd09 call e42690 27->28 28->26 32 e3fe30-e3fe59 call e42760 29->32 33 e3feb6-e3fec5 call e40b50 30->33 34 e3fe8e-e3fe8f 30->34 32->30 39 e3feca-e3fecf 33->39 38 e3fe90-e3feb4 call e42700 34->38 38->33 42 e3fed5-e3fef8 39->42 43 e3ffe4-e3ffe6 39->43 45 e3ff2b-e3ff2d 42->45 46 e3fefa 42->46 47 e401b1-e401bb 43->47 49 e3ff30-e3ff3a 45->49 48 e3ff00-e3ff29 call e427e0 46->48 48->45 51 e3ff41-e3ff49 49->51 52 e3ff3c-e3ff3f 49->52 54 e401a2-e401ad call e73220 51->54 55 e3ff4f-e3ff76 51->55 52->49 52->51 54->47 57 e3ffab-e3ffb5 55->57 58 e3ff78 55->58 59 e3ffb7-e3ffbb 57->59 60 e3ffeb 57->60 62 e3ff80-e3ffa9 call e42840 58->62 63 e3ffc7-e3ffcb 59->63 64 e3ffed-e3ffef 60->64 62->57 67 e3ffd1-e3ffd8 63->67 68 e4019a 63->68 64->68 69 e3fff5-e4002c 64->69 70 e3ffda-e3ffdc 67->70 71 e3ffde 67->71 68->54 72 e4002e-e4002f 69->72 73 e4005b-e40065 69->73 70->71 76 e3ffc0-e3ffc5 71->76 77 e3ffe0-e3ffe2 71->77 78 e40030-e40059 call e428a0 72->78 74 e400a4 73->74 75 e40067-e4006f 73->75 80 e400a6-e400a8 74->80 79 e40087-e4008b 75->79 76->63 76->64 77->76 78->73 79->68 83 e40091-e40098 79->83 80->68 84 e400ae-e400c5 80->84 85 e4009e 83->85 86 e4009a-e4009c 83->86 87 e400c7 84->87 88 e400fb-e40102 84->88 91 e40080-e40085 85->91 92 e400a0-e400a2 85->92 86->85 93 e400d0-e400f9 call e42900 87->93 89 e40104-e4010d 88->89 90 e40130-e4013c 88->90 94 e40117-e4011b 89->94 95 e401c2-e401c7 90->95 91->79 91->80 92->91 93->88 94->68 97 e4011d-e40124 94->97 95->54 99 e40126-e40128 97->99 100 e4012a 97->100 99->100 101 e40110-e40115 100->101 102 e4012c-e4012e 100->102 101->94 103 e40141-e40143 101->103 102->101 103->68 104 e40145-e4015b 103->104 104->95 105 e4015d-e4015f 104->105 106 e40163-e40166 105->106 107 e401bc 106->107 108 e40168-e40188 call e42030 106->108 107->95 111 e40192-e40198 108->111 112 e4018a-e40190 108->112 111->95 112->106 112->111
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: J|BJ$V$VY^_$t
                                                                                                                              • API String ID: 0-3701112211
                                                                                                                              • Opcode ID: 9d2fd1aefa3bed3707f66584c5830d44c317d775a3ac7ec0354a7a0d5043f866
                                                                                                                              • Instruction ID: ab62685aa6bfe15fcd8dec19222d36dc15180332fcae117d26b6cc7e0a9cd303
                                                                                                                              • Opcode Fuzzy Hash: 9d2fd1aefa3bed3707f66584c5830d44c317d775a3ac7ec0354a7a0d5043f866
                                                                                                                              • Instruction Fuzzy Hash: 92D1767460D3909BD311DF14A49461FBBE1EB96B48F18982CF9C9AB352C336CD09DB92
                                                                                                                              Function 00E3D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 149 e3d110-e3d11b call e74cc0 152 e3d121-e3d130 call e6c8d0 149->152 153 e3d2ee-e3d2f6 ExitProcess 149->153 157 e3d136-e3d15f 152->157 158 e3d2e9 call e756e0 152->158 162 e3d161 157->162 163 e3d196-e3d1bf 157->163 158->153 164 e3d170-e3d194 call e3d300 162->164 165 e3d1c1 163->165 166 e3d1f6-e3d20c 163->166 164->163 168 e3d1d0-e3d1f4 call e3d370 165->168 169 e3d239-e3d23b 166->169 170 e3d20e-e3d20f 166->170 168->166 172 e3d286-e3d2aa 169->172 173 e3d23d-e3d25a 169->173 171 e3d210-e3d237 call e3d3e0 170->171 171->169 178 e3d2d6 call e3e8f0 172->178 179 e3d2ac-e3d2af 172->179 173->172 177 e3d25c-e3d25f 173->177 182 e3d260-e3d284 call e3d440 177->182 185 e3d2db-e3d2dd 178->185 183 e3d2b0-e3d2d4 call e3d490 179->183 182->172 183->178 185->158 188 e3d2df-e3d2e4 call e42f10 call e40b40 185->188 188->158
                                                                                                                              APIs
                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 00E3D2F1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 621844428-0
                                                                                                                              • Opcode ID: 7fc143db664eaecab783e784374a89fd096c4985aaaf16e39bb1a69914d1139e
                                                                                                                              • Instruction ID: ede66f0c67798ffb660e13bb9e57fff28ef5cfdaa489660da597e68dcca4c83e
                                                                                                                              • Opcode Fuzzy Hash: 7fc143db664eaecab783e784374a89fd096c4985aaaf16e39bb1a69914d1139e
                                                                                                                              • Instruction Fuzzy Hash: 3941157040D340ABD201AB64E948A2EFFE5EF92748F14AC1CE5C4A7262C336D824DB67
                                                                                                                              Function 00E75700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 194 e75700-e75714 195 e75797-e757a5 call e73220 194->195 196 e757b2 194->196 197 e757b0 194->197 198 e7578c-e75795 call e731a0 194->198 199 e7571b-e75722 194->199 200 e75729-e7574a 194->200 195->197 202 e757b4-e757b9 196->202 197->196 198->202 199->195 199->196 199->197 199->200 203 e75776-e7578a RtlReAllocateHeap 200->203 204 e7574c-e7574f 200->204 203->202 207 e75750-e75774 call e75b30 204->207 207->203
                                                                                                                              APIs
                                                                                                                              • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00E75784
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 904f70d4c9887cb00c9e4a671286648ff2a26f29134bbef9f50600009e11178d
                                                                                                                              • Instruction ID: f953021f2ab6c16293ffca9a773b1a75a59cbaea3dfbc454232fa68e851b714c
                                                                                                                              • Opcode Fuzzy Hash: 904f70d4c9887cb00c9e4a671286648ff2a26f29134bbef9f50600009e11178d
                                                                                                                              • Instruction Fuzzy Hash: 8F119E7191C280EBC305AF28E841A1BBBF5EF86710F059828E4C8AB221D335D814DB93
                                                                                                                              Function 00E75BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 221 e75bb0-e75be2 LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              • LdrInitializeThunk.NTDLL(00E7973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00E75BDE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                              • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                              • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                              • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                              Function 00E7695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 250 e7695b-e7696b call e74a20 253 e76981-e76a02 250->253 254 e7696d 250->254 256 e76a36-e76a42 253->256 257 e76a04 253->257 255 e76970-e7697f 254->255 255->253 255->255 258 e76a85-e76a9f 256->258 259 e76a44-e76a4f 256->259 260 e76a10-e76a34 call e773e0 257->260 261 e76a50-e76a57 259->261 260->256 264 e76a60-e76a66 261->264 265 e76a59-e76a5c 261->265 264->258 267 e76a68-e76a7d call e75bb0 264->267 265->261 266 e76a5e 265->266 266->258 269 e76a82 267->269 269->258
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 0-2766056989
                                                                                                                              • Opcode ID: e766f6e654110484913eaba65cede2f0e70e5a01021a16af536def243a7cb026
                                                                                                                              • Instruction ID: cd3ce87995ba8d3d3f55602ab8077cbf2ae678d51494a6e35ab055dd0c19c842
                                                                                                                              • Opcode Fuzzy Hash: e766f6e654110484913eaba65cede2f0e70e5a01021a16af536def243a7cb026
                                                                                                                              • Instruction Fuzzy Hash: 0931AAB15083019FD718DF25C890B2AB7F1EF84348F44E82CE5CAA72A1E7759908CB56
                                                                                                                              Function 00E4049B Relevance: .3, Instructions: 264COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 270 e4049b-e40515 call e3c9f0 274 e40246-e40260 270->274 275 e40386-e4038c 270->275 276 e40227-e4023b 270->276 277 e40440-e40458 call e75700 270->277 278 e40480 270->278 279 e40242-e40244 270->279 280 e40482-e40484 270->280 281 e403ec-e403f4 270->281 282 e40308-e4030c 270->282 283 e40356 270->283 284 e40417-e40430 270->284 285 e40370-e4037e 270->285 286 e403d0-e403d7 270->286 287 e40311-e40320 270->287 288 e40472-e40477 270->288 289 e40393-e40397 270->289 290 e4051c-e4051e 270->290 291 e403be 270->291 292 e403de-e403e3 270->292 293 e4035f-e40367 270->293 294 e40339-e4034f 270->294 295 e4045b-e40469 call e75700 270->295 296 e403fb-e40414 270->296 299 e40294 274->299 300 e40262 274->300 275->278 275->280 275->288 275->289 276->274 276->275 276->277 276->278 276->279 276->280 276->281 276->282 276->283 276->284 276->285 276->286 276->287 276->288 276->289 276->291 276->292 276->293 276->294 276->295 276->296 277->295 298 e40296-e402bd 279->298 302 e4048d-e40496 280->302 281->278 281->280 281->288 281->289 281->296 282->302 283->293 284->277 285->275 286->275 286->278 286->280 286->281 286->284 286->288 286->289 286->292 286->296 311 e40327-e40332 287->311 288->278 304 e403a0-e403b7 289->304 297 e40520-e40b30 290->297 291->286 292->281 293->285 294->275 294->277 294->278 294->280 294->281 294->283 294->284 294->285 294->286 294->288 294->289 294->291 294->292 294->293 294->295 294->296 295->288 296->284 306 e402bf 298->306 307 e402ea-e40301 298->307 299->298 305 e40270-e40292 call e42eb0 300->305 302->297 304->275 304->277 304->278 304->280 304->281 304->284 304->286 304->288 304->289 304->291 304->292 304->295 304->296 305->299 317 e402c0-e402e8 call e42e70 306->317 307->275 307->277 307->278 307->280 307->281 307->282 307->283 307->284 307->285 307->286 307->287 307->288 307->289 307->291 307->292 307->293 307->294 307->295 307->296 311->275 311->277 311->278 311->280 311->281 311->283 311->284 311->285 311->286 311->288 311->289 311->291 311->292 311->293 311->294 311->295 311->296 317->307
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2ef73c7d5f80526d73bf94d4884f1b92d884c5284352feb77e64173be3bf43bf
                                                                                                                              • Instruction ID: 230a91c50490dc2a1cb0cb6ea5b5bac0105e1b2306c18940ecf03c8ee2e94e1c
                                                                                                                              • Opcode Fuzzy Hash: 2ef73c7d5f80526d73bf94d4884f1b92d884c5284352feb77e64173be3bf43bf
                                                                                                                              • Instruction Fuzzy Hash: 9C919D75200B01CFD724CF26E894A17B7F6FF89310B118A6CE95A9BBA1D770E819CB50
                                                                                                                              Function 00E40228 Relevance: .2, Instructions: 218COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 324 e40228-e4023b 325 e40246-e40260 324->325 326 e40386-e4038c 324->326 327 e40440-e40458 call e75700 324->327 328 e40480 324->328 329 e40242-e40244 324->329 330 e40482-e40484 324->330 331 e403ec-e403f4 324->331 332 e40308-e4030c 324->332 333 e40356 324->333 334 e40417-e40430 324->334 335 e40370-e4037e 324->335 336 e403d0-e403d7 324->336 337 e40311-e40320 324->337 338 e40472-e40477 324->338 339 e40393-e40397 324->339 340 e403be 324->340 341 e403de-e403e3 324->341 342 e4035f-e40367 324->342 343 e40339-e4034f 324->343 344 e4045b-e40469 call e75700 324->344 345 e403fb-e40414 324->345 347 e40294 325->347 348 e40262 325->348 326->328 326->330 326->338 326->339 327->344 346 e40296-e402bd 329->346 350 e4048d-e40b30 330->350 331->328 331->330 331->338 331->339 331->345 332->350 333->342 334->327 335->326 336->326 336->328 336->330 336->331 336->334 336->338 336->339 336->341 336->345 359 e40327-e40332 337->359 338->328 352 e403a0-e403b7 339->352 340->336 341->331 342->335 343->326 343->327 343->328 343->330 343->331 343->333 343->334 343->335 343->336 343->338 343->339 343->340 343->341 343->342 343->344 343->345 344->338 345->334 354 e402bf 346->354 355 e402ea-e40301 346->355 347->346 353 e40270-e40292 call e42eb0 348->353 352->326 352->327 352->328 352->330 352->331 352->334 352->336 352->338 352->339 352->340 352->341 352->344 352->345 353->347 364 e402c0-e402e8 call e42e70 354->364 355->326 355->327 355->328 355->330 355->331 355->332 355->333 355->334 355->335 355->336 355->337 355->338 355->339 355->340 355->341 355->342 355->343 355->344 355->345 359->326 359->327 359->328 359->330 359->331 359->333 359->334 359->335 359->336 359->338 359->339 359->340 359->341 359->342 359->343 359->344 359->345 364->355
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b4b5c7b7f525a2b674c78554e552cb793e2038e6194f09635c983ba582ccad92
                                                                                                                              • Instruction ID: 95d56beef17a182fe298950f58df651e45eefa5bdd7e8bf6926b244f0c7265a9
                                                                                                                              • Opcode Fuzzy Hash: b4b5c7b7f525a2b674c78554e552cb793e2038e6194f09635c983ba582ccad92
                                                                                                                              • Instruction Fuzzy Hash: C3719975200701CFD724CF22EC94B26B7F6FF89314F10896CE95A9BAA2D771A859CB50
                                                                                                                              Function 00E799D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5618d582f4bfdbbe576192e3cf521f851123993349a3286231d1b715d7f67d32
                                                                                                                              • Instruction ID: c051103977f4cd17b0f04f146a71ec25f21da9c440feb5940a83d02809eb9d7d
                                                                                                                              • Opcode Fuzzy Hash: 5618d582f4bfdbbe576192e3cf521f851123993349a3286231d1b715d7f67d32
                                                                                                                              • Instruction Fuzzy Hash: C5419C35209300AFD714DA15E890B2BB7F6EF85718F24E82CF58EA7252D375E801CB66
                                                                                                                              Function 00E763B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 7a3b3add2ef3b086d3abff96ab33c896ed824fc526ffff32840ec2213a159920
                                                                                                                              • Instruction ID: 8e3ad43c7554df39ce99985252cfcd445673d5861105aa413a4eea9b8a5fbb92
                                                                                                                              • Opcode Fuzzy Hash: 7a3b3add2ef3b086d3abff96ab33c896ed824fc526ffff32840ec2213a159920
                                                                                                                              • Instruction Fuzzy Hash: B031F570249701BED624DB04CD81F3AB7A1FB80B18F64D90CF1997B2D1D370A811CB52
                                                                                                                              Function 00E40EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4282c4d47203f2ceeb7d4862f2c6f193817d5f697df8bee0deea941ea6f37d30
                                                                                                                              • Instruction ID: 3e945b7c1dda03fc9d23f19e2cd223c521207ed5a5b9102b55dc71367784e0e3
                                                                                                                              • Opcode Fuzzy Hash: 4282c4d47203f2ceeb7d4862f2c6f193817d5f697df8bee0deea941ea6f37d30
                                                                                                                              • Instruction Fuzzy Hash: 6E213AB4A0021A9FDB15CF94DC90BBEBBB2FF4A304F144818E911BB392C735A905CB64
                                                                                                                              Function 00E73220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 211 e73220-e7322f 212 e73236-e73252 211->212 213 e732a2-e732a6 RtlFreeHeap 211->213 214 e732a0 211->214 215 e732ac-e732b0 211->215 216 e73286-e73296 212->216 217 e73254 212->217 213->215 214->213 216->214 218 e73260-e73284 call e75af0 217->218 218->216
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000), ref: 00E732A6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3298025750-0
                                                                                                                              • Opcode ID: a207d3d52cc2a25f43089411786914a7b66833c9346b619b38f69fb33681e18a
                                                                                                                              • Instruction ID: 4ac1f0ff95665219375526a2aa4cc6c149b814233b4b5ce2c5334650e6ff3b94
                                                                                                                              • Opcode Fuzzy Hash: a207d3d52cc2a25f43089411786914a7b66833c9346b619b38f69fb33681e18a
                                                                                                                              • Instruction Fuzzy Hash: DA014B3450D2409FC701AB68E945A1ABBE8EF5AB00F05891CE5C99B361D335DD64DB92
                                                                                                                              Function 00E73202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 222 e73202-e73211 RtlAllocateHeap
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 00E73208
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 4439166ba1518b36bcce9ffc66b53279ec2e77b810051f6c650966d304320cab
                                                                                                                              • Instruction ID: bb754b136e9773dc20d09ec69c8ad8522fa0ebd6e84293bb366ad48cea0e6ef3
                                                                                                                              • Opcode Fuzzy Hash: 4439166ba1518b36bcce9ffc66b53279ec2e77b810051f6c650966d304320cab
                                                                                                                              • Instruction Fuzzy Hash: E3B012300400005FEA081B00EC0AF003610EB00605FC00050A104140F1D1625878C654

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00E623E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$Wu
                                                                                                                              • API String ID: 0-1419478863
                                                                                                                              • Opcode ID: 1ef172f79325626b184b9455e243386498303485b10074f85a2ce8741d483713
                                                                                                                              • Instruction ID: 2aba0e0eda87bf388260aac2ef827803ce0c2d2c4084eec0346a7093f837f157
                                                                                                                              • Opcode Fuzzy Hash: 1ef172f79325626b184b9455e243386498303485b10074f85a2ce8741d483713
                                                                                                                              • Instruction Fuzzy Hash: 2033ED70104B818FD7258F38D590762BBE1FF16344F58A89DE4DAAB792C736E806CB61
                                                                                                                              Function 00E4DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                              • API String ID: 2994545307-1418943773
                                                                                                                              • Opcode ID: e686b07e15e7e5f090aa81fe6b34c541d840acb0a68970bfc51e921c45b4a7f6
                                                                                                                              • Instruction ID: 1c23f0c288de841bf806f8a9a97bbb79bba2c06b2432e96f554826c895864eb5
                                                                                                                              • Opcode Fuzzy Hash: e686b07e15e7e5f090aa81fe6b34c541d840acb0a68970bfc51e921c45b4a7f6
                                                                                                                              • Instruction Fuzzy Hash: C6F267B05093819FD770CF14D884BABBBE2BFD5304F14582DE4C9AB292DB759984CB92
                                                                                                                              Function 00E59F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                              • API String ID: 0-1131134755
                                                                                                                              • Opcode ID: f0bc5ab25d8fa6f9ed7aa115a98375eda209117343df182decf80a19267c3ac6
                                                                                                                              • Instruction ID: c272ae335b8ff3c0b3a7727adc3c93267d1defebcab869b9224c24108f884d44
                                                                                                                              • Opcode Fuzzy Hash: f0bc5ab25d8fa6f9ed7aa115a98375eda209117343df182decf80a19267c3ac6
                                                                                                                              • Instruction Fuzzy Hash: E852C6B400D3858AE270CF25D581B8EBAF1BB92740F609E1DE5EDAB255DB708049CF93
                                                                                                                              Function 00E59510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                              • API String ID: 0-655414846
                                                                                                                              • Opcode ID: 1944f51620c5a7de3fed71136d6d95addddf7ea4807a86cc0e65053bfb845f2e
                                                                                                                              • Instruction ID: 4788d75d19c5a64b70d1314d007404b586847078d54e847e4c1802581753dc2a
                                                                                                                              • Opcode Fuzzy Hash: 1944f51620c5a7de3fed71136d6d95addddf7ea4807a86cc0e65053bfb845f2e
                                                                                                                              • Instruction Fuzzy Hash: C8F13FB0508380ABD310DF15D881A2BBBF4FB8A749F545D1CF9D9AB252D374D908CBA6
                                                                                                                              Function 00E5DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$r$upH}${E$
                                                                                                                              • API String ID: 0-4053686350
                                                                                                                              • Opcode ID: f3db9d8a6e5c992f4a164faa472af5d1e77d082756b6226d82b433e627b89c79
                                                                                                                              • Instruction ID: 03e598e3171a616fdc73df51ca60b18d1f03a60137e7e2cd4989a8a6ebb9ad3c
                                                                                                                              • Opcode Fuzzy Hash: f3db9d8a6e5c992f4a164faa472af5d1e77d082756b6226d82b433e627b89c79
                                                                                                                              • Instruction Fuzzy Hash: D3920371E00205CFDB18CF69D8416AEBBB2FF49315F298569E816BB391D731AD06CB90
                                                                                                                              Function 01003E5E Relevance: 14.1, Strings: 10, Instructions: 1619COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %r?w$'.AZ$7g'y$?bJ@$Ah?v$Vfao$]v$j0/$kco$ktgo
                                                                                                                              • API String ID: 0-2710051933
                                                                                                                              • Opcode ID: 77bf9f24000d8d4a208e6769d6042e7f89fe5c784e929bc36a5da2f31aa96c81
                                                                                                                              • Instruction ID: 1d2bf2bf2ae8c3b5e8add25c36630d9a7f272de73d2c8882693d00ea873d6363
                                                                                                                              • Opcode Fuzzy Hash: 77bf9f24000d8d4a208e6769d6042e7f89fe5c784e929bc36a5da2f31aa96c81
                                                                                                                              • Instruction Fuzzy Hash: B4B2D7F3A0C204AFE314AE29EC8577AF7E9EB94320F16493DEAC5C3344E63558158697
                                                                                                                              Function 00E5098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                              • API String ID: 0-4102007303
                                                                                                                              • Opcode ID: 9668cc168c6df7563698d3327a959c077a85009aac7d78aee221b47599f710f0
                                                                                                                              • Instruction ID: 6ddbb81b304d7eb4eee92043ba744ca2f105a20de37ed349123bda0691cf3d58
                                                                                                                              • Opcode Fuzzy Hash: 9668cc168c6df7563698d3327a959c077a85009aac7d78aee221b47599f710f0
                                                                                                                              • Instruction Fuzzy Hash: 1C6298B16083818FD3308F14D895BABBBE1FF96315F045D2DE89AAB641E3758948CB53
                                                                                                                              Function 00E31000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                              • API String ID: 0-2517803157
                                                                                                                              • Opcode ID: 6c52b75ff75bcd9f2fa5e9d41ee06e59fe9576178e1ae4755472e35bed28df42
                                                                                                                              • Instruction ID: 2cbfa09bf85bb41e5d0850b263a7997eb5ea83b74e91d2e6f6f880f2feb3c2f7
                                                                                                                              • Opcode Fuzzy Hash: 6c52b75ff75bcd9f2fa5e9d41ee06e59fe9576178e1ae4755472e35bed28df42
                                                                                                                              • Instruction Fuzzy Hash: D6D204316083418FC718CE28C49876ABFE2AFD5318F18DA6DE5D9AB391D734D945CB82
                                                                                                                              Function 00FF4C1B Relevance: 10.4, Strings: 7, Instructions: 1636COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !\$%R]}$5_i$N c$t5d?$xOWn$*as
                                                                                                                              • API String ID: 0-587915627
                                                                                                                              • Opcode ID: d24d1e7e89d01e0219d48eadd407664cc69a85191156206273efdcc9d4e3b309
                                                                                                                              • Instruction ID: fcb6f611ca490080c7eae71a441f52c6884e377ffc896f55b3268744801dcecc
                                                                                                                              • Opcode Fuzzy Hash: d24d1e7e89d01e0219d48eadd407664cc69a85191156206273efdcc9d4e3b309
                                                                                                                              • Instruction Fuzzy Hash: 3FB2F6F360C2049FE3046E2DEC8567AFBE9EF94720F1A893DE6C4C7344EA7558058696
                                                                                                                              Function 00FFD1D4 Relevance: 9.1, Strings: 6, Instructions: 1635COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !uw$K6]$Q~7}$U~7}$g@}-$vny{
                                                                                                                              • API String ID: 0-1504129797
                                                                                                                              • Opcode ID: 93f59a7bdbca1a68530ede653f250943cbdcb8c9c10187c30fbc37059d2f76e2
                                                                                                                              • Instruction ID: 572a02db6628022e543832ec9d9299f474bb7fff20c468c03ec7112e046b59d8
                                                                                                                              • Opcode Fuzzy Hash: 93f59a7bdbca1a68530ede653f250943cbdcb8c9c10187c30fbc37059d2f76e2
                                                                                                                              • Instruction Fuzzy Hash: D9B2F7F3A082049FE7046E2DEC8577ABBE9EF94320F1A493DE6C4C3744EA3558058697
                                                                                                                              Function 010008BB Relevance: 9.1, Strings: 6, Instructions: 1610COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: PCJ$]uo{$osyJ$=~k$l}$tz{
                                                                                                                              • API String ID: 0-3495789466
                                                                                                                              • Opcode ID: 673f451bc2ed0aa12feb2d942d72a6925e895a6aa0d83bd1db3d6b34c235d69b
                                                                                                                              • Instruction ID: 32053756db504ca00b1e55df07b399837ed90c623921f2d35b6704daafc155fb
                                                                                                                              • Opcode Fuzzy Hash: 673f451bc2ed0aa12feb2d942d72a6925e895a6aa0d83bd1db3d6b34c235d69b
                                                                                                                              • Instruction Fuzzy Hash: B3B227F3A082049FE3046E2DEC8577ABBE9EF94720F1A493DE6C487744E63598048797
                                                                                                                              Function 010072D2 Relevance: 7.9, Strings: 5, Instructions: 1629COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !]O$'WB $3%/$p//$_m
                                                                                                                              • API String ID: 0-2983390293
                                                                                                                              • Opcode ID: 73d7086015a9bdc9a3d51980e8b8756e73e94a73185c0116d12ea8d80f45f71f
                                                                                                                              • Instruction ID: f880a6bb5a72a5c4f36bf079ea7e38c912088ff156af3287174d4482e6c48599
                                                                                                                              • Opcode Fuzzy Hash: 73d7086015a9bdc9a3d51980e8b8756e73e94a73185c0116d12ea8d80f45f71f
                                                                                                                              • Instruction Fuzzy Hash: B4A25DF3A081109FE304AE2DEC45A7BBBE9EFD4320F1A853DEAC5D3744E93558058692
                                                                                                                              Function 010023C5 Relevance: 7.8, Strings: 5, Instructions: 1598COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +$#p;$6Y"/$PGx$rZ>
                                                                                                                              • API String ID: 0-1673932119
                                                                                                                              • Opcode ID: 2f84fb2378f29d8d036415decbf572b7e5bfd2beaf55e42b43cd1734cb5c9e37
                                                                                                                              • Instruction ID: 681392000569671e3952f50327f8796ec7021ee7f9c423db772f667c4d93493d
                                                                                                                              • Opcode Fuzzy Hash: 2f84fb2378f29d8d036415decbf572b7e5bfd2beaf55e42b43cd1734cb5c9e37
                                                                                                                              • Instruction Fuzzy Hash: F5B2E6F360C2009FE304AE2DEC8567AFBE5EB94720F1A893DE6C4D7744E63598058697
                                                                                                                              Function 00E312F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0$0$0$@$i
                                                                                                                              • API String ID: 0-3124195287
                                                                                                                              • Opcode ID: a71b67b1825ec7d52232cf91a08c3050a9fc901d5adee7d191ee17c42b35f28a
                                                                                                                              • Instruction ID: 03a56fd9ab99745ed553e6a0aeff71470dd77af2456dc89ab63162b0369024a7
                                                                                                                              • Opcode Fuzzy Hash: a71b67b1825ec7d52232cf91a08c3050a9fc901d5adee7d191ee17c42b35f28a
                                                                                                                              • Instruction Fuzzy Hash: BD62F23160C3819FC318CE28C49876AFFE1AFD5308F189A5DE9D9A7291D374D949CB82
                                                                                                                              Function 00FFBF68 Relevance: 7.1, Strings: 5, Instructions: 893COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "lCg$)ex$1Fo>$x?M$x?M
                                                                                                                              • API String ID: 0-1626784886
                                                                                                                              • Opcode ID: 1e2e90999f0d6bcf657943e7ab3a66743b64e092447354a09b06a52e149905a1
                                                                                                                              • Instruction ID: 989dcd435955c9ae41d6b98649fa279ea3a013540770ff0187e1a5bcf70bd72b
                                                                                                                              • Opcode Fuzzy Hash: 1e2e90999f0d6bcf657943e7ab3a66743b64e092447354a09b06a52e149905a1
                                                                                                                              • Instruction Fuzzy Hash: 535217F360C2009FE708AE29EC9577AB7E5EF94320F1A493DE6C583744EA3598058797
                                                                                                                              Function 00E3164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                              • API String ID: 0-1123320326
                                                                                                                              • Opcode ID: 62acc23f874e91369bbd7319b645f5e281b7f07d19bdda4d1ff0f58b9773246c
                                                                                                                              • Instruction ID: 35159717e306d4416ee90806de06f3ecff6ecfadd6c7fcb74c41e710eaea022a
                                                                                                                              • Opcode Fuzzy Hash: 62acc23f874e91369bbd7319b645f5e281b7f07d19bdda4d1ff0f58b9773246c
                                                                                                                              • Instruction Fuzzy Hash: 43F1813160C3818FC719CE29C48826AFFE2AFD9308F189A6DE5D997352D734D945CB92
                                                                                                                              Function 00E313A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                              • API String ID: 0-3620105454
                                                                                                                              • Opcode ID: e9e7a8c48f5b636deea44b2c8abf03a5e962a67e54e4a36694924acb462cb6f1
                                                                                                                              • Instruction ID: e3589e740aeb0495d4a70d0fd6ecb052171f429a86db21b5bffac520edfe981d
                                                                                                                              • Opcode Fuzzy Hash: e9e7a8c48f5b636deea44b2c8abf03a5e962a67e54e4a36694924acb462cb6f1
                                                                                                                              • Instruction Fuzzy Hash: 43D1AE3160C7818FC719CE29C48826AFFE2AFD9308F08DA6DE5D997352D634D949CB52
                                                                                                                              Function 00FFED99 Relevance: 6.6, Strings: 4, Instructions: 1597COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: , $$7ro$;gy$AJE
                                                                                                                              • API String ID: 0-798295935
                                                                                                                              • Opcode ID: 926b9f83e715c9dff84423923885a0953d8fa37d237d8066311f2967897f8128
                                                                                                                              • Instruction ID: ffc9669ab25a325a32291276d2d0cbc344edf988e6dc9656769105bf5b0d0885
                                                                                                                              • Opcode Fuzzy Hash: 926b9f83e715c9dff84423923885a0953d8fa37d237d8066311f2967897f8128
                                                                                                                              • Instruction Fuzzy Hash: 52B228F3A082049FE704AE2DEC8567ABBE9EF94320F16853DEAC4C7744E63558058797
                                                                                                                              Function 010058CD Relevance: 6.6, Strings: 4, Instructions: 1586COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Rk~$k2}$qU_$vxA{
                                                                                                                              • API String ID: 0-2701572333
                                                                                                                              • Opcode ID: 175a53a3226b01e855cd60b2e0b5b42e9f2f4cf523c0337064ee3ff020f2595f
                                                                                                                              • Instruction ID: 6d6d98196abd0aee78fab675d97a81ddab4b3da8cce989533daf955ccd329f71
                                                                                                                              • Opcode Fuzzy Hash: 175a53a3226b01e855cd60b2e0b5b42e9f2f4cf523c0337064ee3ff020f2595f
                                                                                                                              • Instruction Fuzzy Hash: 2EB2F4F360C2049FE304AE29EC8567ABBE5EF94720F16893DEAC4C7744E63598058797
                                                                                                                              Function 00E5FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: :$NA_I$m1s3$uvw
                                                                                                                              • API String ID: 0-3973114637
                                                                                                                              • Opcode ID: e89c9368a76c39a0a771ee867feb042bd52ca37bc1551d244c721c64112fdf9e
                                                                                                                              • Instruction ID: cb23c5fca163fdf50e6cce21329a36ea9de6bbddb1e92327facdeda72fa8d432
                                                                                                                              • Opcode Fuzzy Hash: e89c9368a76c39a0a771ee867feb042bd52ca37bc1551d244c721c64112fdf9e
                                                                                                                              • Instruction Fuzzy Hash: B532CBB0508380CFD315DF29E880A2BBBE5AF8A354F145D5CF5D5AB2A2D335D909CB52
                                                                                                                              Function 00E43BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($;z$p$ss
                                                                                                                              • API String ID: 0-2391135358
                                                                                                                              • Opcode ID: 649c9e7a3156eed8a7affdfac2eaf5db136b5ffd5b207da6242b44be50621a40
                                                                                                                              • Instruction ID: 722114d2611faa8c7975f6afbae944227b778a85b5ad8e49b65b5f3acf8a809b
                                                                                                                              • Opcode Fuzzy Hash: 649c9e7a3156eed8a7affdfac2eaf5db136b5ffd5b207da6242b44be50621a40
                                                                                                                              • Instruction Fuzzy Hash: 91025AB4810B00EFD760DF25D986756BFF4FB01304F50995DE89A9B696E331E818CBA2
                                                                                                                              Function 00E52260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: a|$hu$lc$sj
                                                                                                                              • API String ID: 0-3748788050
                                                                                                                              • Opcode ID: 5524b260f4245381410d12bb1a72f3752dfe3a344a88a7eb6e947e426aafeb88
                                                                                                                              • Instruction ID: 5c725c934f510ef5294174da0c96472e224ccbf3947493249933c944cf3c19e8
                                                                                                                              • Opcode Fuzzy Hash: 5524b260f4245381410d12bb1a72f3752dfe3a344a88a7eb6e947e426aafeb88
                                                                                                                              • Instruction Fuzzy Hash: 6EA1AE744083418BC720DF18C891A2BB7F0FF96359F58AE0CE9D5AB291E335D949CB96
                                                                                                                              Function 0100C17E Relevance: 5.4, Strings: 3, Instructions: 1602COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !ln?$&q6{$k"0
                                                                                                                              • API String ID: 0-257238845
                                                                                                                              • Opcode ID: cfb11922cadaa06fb8f925e25430bd5629058a3c706f41d2b58b60727e52fc61
                                                                                                                              • Instruction ID: 06df95f17df3c4d6ebc7d870c2c8c48f129f88a58a0f75e6f03e99bd2f252f46
                                                                                                                              • Opcode Fuzzy Hash: cfb11922cadaa06fb8f925e25430bd5629058a3c706f41d2b58b60727e52fc61
                                                                                                                              • Instruction Fuzzy Hash: 66B209F3608604AFE304AE2DEC8567AFBE9EF94720F16493DE6C4C7744E63598018697
                                                                                                                              Function 00FF9CFB Relevance: 5.3, Strings: 3, Instructions: 1578COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0h]x$CXf$p?{
                                                                                                                              • API String ID: 0-2388685267
                                                                                                                              • Opcode ID: 37ad52f0c668cd5c2cebbc232f33dc9543832f93f25eabfab44905109f550d16
                                                                                                                              • Instruction ID: ccbaf40e339b3bdb7519d699d42bec1cfd9c3fd71e70e90d29750ba6718b6b3c
                                                                                                                              • Opcode Fuzzy Hash: 37ad52f0c668cd5c2cebbc232f33dc9543832f93f25eabfab44905109f550d16
                                                                                                                              • Instruction Fuzzy Hash: F5B218F3A0C2049FD3046F29EC8567ABBE9EF94720F1A493DEAC4C7744E63598058697
                                                                                                                              Function 00E5D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #'$CV$KV$T>
                                                                                                                              • API String ID: 0-95592268
                                                                                                                              • Opcode ID: add23f648bcb106e304b54d1d09812635befd7bddc6a85ab387569876bb939a2
                                                                                                                              • Instruction ID: 1ba3c3b731c90ac3e7e6999e56652b47f67bfe5446acf70fe587bcb60677e48e
                                                                                                                              • Opcode Fuzzy Hash: add23f648bcb106e304b54d1d09812635befd7bddc6a85ab387569876bb939a2
                                                                                                                              • Instruction Fuzzy Hash: 518165B48017459BCB20DFA5D68516EBFB1FF12301F605A0CE8867BA55C370AA59CFE2
                                                                                                                              Function 00E5AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                              • API String ID: 0-1327526056
                                                                                                                              • Opcode ID: 38f37a49cb575f0203523d2a75fe688e3782ebf930d529e9a56afd2810ef6778
                                                                                                                              • Instruction ID: 356da0c66b27e041b1c913c9373ecab4fd5b1c533008fcf0b202ed907fb98a6c
                                                                                                                              • Opcode Fuzzy Hash: 38f37a49cb575f0203523d2a75fe688e3782ebf930d529e9a56afd2810ef6778
                                                                                                                              • Instruction Fuzzy Hash: 99415874408381CED7209F20D900BABB7F4FF86349F54595DE9C8A7260DB35D949CB96
                                                                                                                              Function 00E5C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($%*+($~/i!
                                                                                                                              • API String ID: 0-4033100838
                                                                                                                              • Opcode ID: 0404aabee8cb322800bc44ed5bec4af9e02d976381f22a48aa44ad96026a6599
                                                                                                                              • Instruction ID: b64b5e059cd5dd692f2b6142923ea011eafbe97000eb7e2da1825a3178ba6b6f
                                                                                                                              • Opcode Fuzzy Hash: 0404aabee8cb322800bc44ed5bec4af9e02d976381f22a48aa44ad96026a6599
                                                                                                                              • Instruction Fuzzy Hash: 2DE1A7B5508340DFE3209F25D881B2ABBF9FB85345F589C2CE5C9A7252E731D819CB92
                                                                                                                              Function 00FF8234 Relevance: 4.1, Strings: 2, Instructions: 1648COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b@M~$v~
                                                                                                                              • API String ID: 0-1093528426
                                                                                                                              • Opcode ID: 05dea222064665e4212b654d90cb75c1a2f4125ed437446d851ff52de02a4ddd
                                                                                                                              • Instruction ID: bf79af8c6cd75bad1e4f40fc5ed51d44ba1f2fb78947b366bbdf65d69b4eaaad
                                                                                                                              • Opcode Fuzzy Hash: 05dea222064665e4212b654d90cb75c1a2f4125ed437446d851ff52de02a4ddd
                                                                                                                              • Instruction Fuzzy Hash: C8B2D7F3A0C204AFE3046E2DEC8567ABBE9EFD4760F1A453DEAC4C3744E93558058696
                                                                                                                              Function 00E38590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: )$)$IEND
                                                                                                                              • API String ID: 0-588110143
                                                                                                                              • Opcode ID: b4b1e9ff667e75d6c3beeeabb4c42b4424599dced8a57c9d8e38337af8425d06
                                                                                                                              • Instruction ID: 8c5297d856a9029f1f700a11ce2f92442d5cc59c826a91ca587d416be6bd8c0b
                                                                                                                              • Opcode Fuzzy Hash: b4b1e9ff667e75d6c3beeeabb4c42b4424599dced8a57c9d8e38337af8425d06
                                                                                                                              • Instruction Fuzzy Hash: ECE1B0B1A087059FE310CF29C88976AFBE0BB94318F14592DF599A7381DB75E914CBC2
                                                                                                                              Function 01009876 Relevance: 3.2, Strings: 2, Instructions: 697COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 6ys$6ys
                                                                                                                              • API String ID: 0-2810116447
                                                                                                                              • Opcode ID: fe83e9209ca33d2eef0b9a1d0afb99c7cdd059faf7f498fe03207b93e8ea598c
                                                                                                                              • Instruction ID: b5f78674b604e51b954c3ba40f2a19401300dab6b6840ebbf20ba655fdf2dac6
                                                                                                                              • Opcode Fuzzy Hash: fe83e9209ca33d2eef0b9a1d0afb99c7cdd059faf7f498fe03207b93e8ea598c
                                                                                                                              • Instruction Fuzzy Hash: 202218F3A086049FE7046E2DEC8577AFBEAEFD4320F1A453DE6C583744E93598058692
                                                                                                                              Function 00E74040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+($f
                                                                                                                              • API String ID: 0-2038831151
                                                                                                                              • Opcode ID: 68dd99d62dc51e351385086b3afab57568d52de659ebfae7fc373fc79443c811
                                                                                                                              • Instruction ID: 1741285fdec1cab4254ca0fb29df540e22009bb85dacf492426e16cc29c207aa
                                                                                                                              • Opcode Fuzzy Hash: 68dd99d62dc51e351385086b3afab57568d52de659ebfae7fc373fc79443c811
                                                                                                                              • Instruction Fuzzy Hash: 6512BEB15083409FC714CF18C880B2EBBE6FB89318F58DA2DF499AB291D771D945CB92
                                                                                                                              Function 00E6F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: dg$hi
                                                                                                                              • API String ID: 0-2859417413
                                                                                                                              • Opcode ID: 979d4df6258843903cd978b92600ab3cb12413a2c35472efdf7f122bab99066c
                                                                                                                              • Instruction ID: bcc2e6bb1040edc565b8c67e33c7c25ca6b980ea1e7968a099200c31e0310f09
                                                                                                                              • Opcode Fuzzy Hash: 979d4df6258843903cd978b92600ab3cb12413a2c35472efdf7f122bab99066c
                                                                                                                              • Instruction Fuzzy Hash: 7EF19571658341EFE304CF25E890B2ABBE5FF85348F14992CF289AB2A1C734D845CB52
                                                                                                                              Function 00E335B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Inf$NaN
                                                                                                                              • API String ID: 0-3500518849
                                                                                                                              • Opcode ID: bc7ec0eb383df64e0468835728d324d7c8acd2773580ceb414e4c5663f7eca7b
                                                                                                                              • Instruction ID: 595a90c1a9506027263c75a6ab57617a4a59cf254136037cc3f734e9abdf9ecf
                                                                                                                              • Opcode Fuzzy Hash: bc7ec0eb383df64e0468835728d324d7c8acd2773580ceb414e4c5663f7eca7b
                                                                                                                              • Instruction Fuzzy Hash: 7BD1E771A083119BC708CF29C884A5EBBE1EFC8750F159A2DF999A73A0E775DD04CB81
                                                                                                                              Function 0100A874 Relevance: 2.8, Strings: 1, Instructions: 1516COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: \Yn
                                                                                                                              • API String ID: 0-2408217824
                                                                                                                              • Opcode ID: e9991f133a86788f929134535ed68824ad99e27e31409de05cc1982f1d8d16d9
                                                                                                                              • Instruction ID: 9226a9fa9ac1961c933f2f9b312a7457776a4710bc165ba2e4fa161c15fe7de5
                                                                                                                              • Opcode Fuzzy Hash: e9991f133a86788f929134535ed68824ad99e27e31409de05cc1982f1d8d16d9
                                                                                                                              • Instruction Fuzzy Hash: 54A2D2F260C204AFE7056E29EC8577AFBE5EF94720F16893DEAC483744EA3558048797
                                                                                                                              Function 00E4FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BaBc$Ye[g
                                                                                                                              • API String ID: 0-286865133
                                                                                                                              • Opcode ID: 356b48a22d558035576ca69d60f17c6a0171713c9cb35ca4471557a92d3c3866
                                                                                                                              • Instruction ID: d3553a127f76e8ea72c808998ea55957d212571d406c0fe1e01a020a8736cf89
                                                                                                                              • Opcode Fuzzy Hash: 356b48a22d558035576ca69d60f17c6a0171713c9cb35ca4471557a92d3c3866
                                                                                                                              • Instruction Fuzzy Hash: 0251BD716083818BC331CF14C481BABB7E0FF96315F186D1DE899AB691E3749944CB57
                                                                                                                              Function 00E35160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %1.17g
                                                                                                                              • API String ID: 0-1551345525
                                                                                                                              • Opcode ID: f99aa65ad2c6d5a58d332938d916eeade28de250531151565fcd718ea84e279b
                                                                                                                              • Instruction ID: 91f369ddeeec513e56c752aea0159915b838fc135208710f2a6d29ca0f68c320
                                                                                                                              • Opcode Fuzzy Hash: f99aa65ad2c6d5a58d332938d916eeade28de250531151565fcd718ea84e279b
                                                                                                                              • Instruction Fuzzy Hash: E422D4B7A08B42CBE7158E18D848326BFE2AFE1308F1DA56ED8996B351E771DC05C741
                                                                                                                              Function 00E612D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "
                                                                                                                              • API String ID: 0-123907689
                                                                                                                              • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                              • Instruction ID: 96ebabffe84c399de09b6fcb60174e5ae42834358286c40f9d142c53841badce
                                                                                                                              • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                              • Instruction Fuzzy Hash: 9DF15771A483414FC726CF24D49066BBBE6AFC1394F1CD9ADE89AA7382D634DD04C792
                                                                                                                              Function 00E5AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: f88a3f5ed2328c8bb03f7015d10f59a93364089d45dac11759d2132e3a55fca4
                                                                                                                              • Instruction ID: 69c8948b66d39a5d34d6a366644fe72253233a89cdaf7b5cf1b74f9cd490a89b
                                                                                                                              • Opcode Fuzzy Hash: f88a3f5ed2328c8bb03f7015d10f59a93364089d45dac11759d2132e3a55fca4
                                                                                                                              • Instruction Fuzzy Hash: D4E1BA71508306CBC314DF29C89056FB7E2FF98786F649D2CE8C5A7260E331A959CB92
                                                                                                                              Function 00E46EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: a62871f9ca49fa6bfb4a5b77269a2ec878d2549e6658596ea57409a1792e4ddd
                                                                                                                              • Instruction ID: f6d4590b0938c7cf411e9651837b0c50a0f120bdb50e33012457d601b42e47fe
                                                                                                                              • Opcode Fuzzy Hash: a62871f9ca49fa6bfb4a5b77269a2ec878d2549e6658596ea57409a1792e4ddd
                                                                                                                              • Instruction Fuzzy Hash: 10F1B3B5A00701CFC725DF24E881A26B7F6FF49314B149A2DD49BA76A1EB30F855CB41
                                                                                                                              Function 00E57E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: c78c4982d9c7a7bab599270d51b6e75b610ddb9587fc7c44e285adfa53600342
                                                                                                                              • Instruction ID: ba8d527921de9e662a94ccb3c73f31510c52caa0c107c8f3cc48694af85affc7
                                                                                                                              • Opcode Fuzzy Hash: c78c4982d9c7a7bab599270d51b6e75b610ddb9587fc7c44e285adfa53600342
                                                                                                                              • Instruction Fuzzy Hash: 70C1CE75509200ABD710EB14DA82A2BBBF5EF81359F08AC18F8C5B7251E734DC19CBA3
                                                                                                                              Function 00E58D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: c86308d73f01dae2acd8182a67e0f03a8f456c68c9f7e48cd2e8bd69cb1e7ab3
                                                                                                                              • Instruction ID: 1f1fd7cb37441647ea37d68347be42bd7b6011ca93ebad4909c653306e104998
                                                                                                                              • Opcode Fuzzy Hash: c86308d73f01dae2acd8182a67e0f03a8f456c68c9f7e48cd2e8bd69cb1e7ab3
                                                                                                                              • Instruction Fuzzy Hash: 3FD1E070618302DFD744DF65DC90A6AB7E5FF88305F098C6CE88AA72A1DB35E858CB51
                                                                                                                              Function 00E44487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BI
                                                                                                                              • API String ID: 0-1983775064
                                                                                                                              • Opcode ID: 763b8dd6e6346df952f8a0632115807eee3d6024d6b961f6c3a175c9aee9fa1f
                                                                                                                              • Instruction ID: 4a2e481b06795d4756deaa994af28e6ecdc7e84f4a8bc6791432ed08841b9e0f
                                                                                                                              • Opcode Fuzzy Hash: 763b8dd6e6346df952f8a0632115807eee3d6024d6b961f6c3a175c9aee9fa1f
                                                                                                                              • Instruction Fuzzy Hash: AAE100B5601B008FD325CF28E996B97BBE1FF06704F04886DE4AA97752E735B814CB54
                                                                                                                              Function 00E77FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: P
                                                                                                                              • API String ID: 0-3110715001
                                                                                                                              • Opcode ID: 1cef128c3e52bba03ca1e6405d44db2e5f9074866fabecde0344081a152eedbd
                                                                                                                              • Instruction ID: a50094c745a772ffae375b19f4d406b5aba3b1b07785de2051819c63fbe356ce
                                                                                                                              • Opcode Fuzzy Hash: 1cef128c3e52bba03ca1e6405d44db2e5f9074866fabecde0344081a152eedbd
                                                                                                                              • Instruction Fuzzy Hash: 52D1D2729482618FC725CE18989472EB7E1EB94718F15CA2CE8B9BB390DB71DC06C7C1
                                                                                                                              Function 00E76CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: "p
                                                                                                                              • API String ID: 0-1647296830
                                                                                                                              • Opcode ID: b9cce7dacc5c47bc02c8054f6a7e26d9d90abf3c072f4bcfacab4e0f519c2f48
                                                                                                                              • Instruction ID: 8ec794e5da1e528edfa2bdb0f71fb339ade07986f54b8a7769e80070a300956f
                                                                                                                              • Opcode Fuzzy Hash: b9cce7dacc5c47bc02c8054f6a7e26d9d90abf3c072f4bcfacab4e0f519c2f48
                                                                                                                              • Instruction Fuzzy Hash: 9BD10336618751CFC714CF39D88052AFBE2BB89314F098A6DD899E73A1D731DA48CB91
                                                                                                                              Function 00E5CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 2994545307-3233224373
                                                                                                                              • Opcode ID: 1e14101c753b4336859dce936038ccd2215fadcfbc300a527a75490a5c0a7441
                                                                                                                              • Instruction ID: cd16b9ed2f5ee310383d3107fa8cac6d9caacb5112a7f91629da11f20251984f
                                                                                                                              • Opcode Fuzzy Hash: 1e14101c753b4336859dce936038ccd2215fadcfbc300a527a75490a5c0a7441
                                                                                                                              • Instruction Fuzzy Hash: A4B1F1716083018FD714DF14D891A3BBBE2EF85346F246C2CE9C5AB291E735D859CBA2
                                                                                                                              Function 00E3A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ,
                                                                                                                              • API String ID: 0-3772416878
                                                                                                                              • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                              • Instruction ID: f30a7f7a82c51259c385305de7f2d08f83419f53afb8cc23dd5287dca633c834
                                                                                                                              • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                              • Instruction Fuzzy Hash: C2B117711083819FD324CF18C88465BFFE1AFA9704F488A2DE5D9A7342D671EA58CB57
                                                                                                                              Function 00E6FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: aa86fb237c9d91fd6a9a3b04b41c595e0869c68e1fe760d901f9935cc7c569bf
                                                                                                                              • Instruction ID: 27b9f43e24b0ff76fbbf9fd5949230ba6ae25ad255ad36eb828e8365b3f6f968
                                                                                                                              • Opcode Fuzzy Hash: aa86fb237c9d91fd6a9a3b04b41c595e0869c68e1fe760d901f9935cc7c569bf
                                                                                                                              • Instruction Fuzzy Hash: E381DF71218300EFD710DF65E884B2AB7E5FB99785F04A82CF6C9A7251D731E818CB62
                                                                                                                              Function 00E4D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 2a58fced1b66946710d0714421ad922ebf07e99b7d5f7d75abac057d567d5116
                                                                                                                              • Instruction ID: 08695114fcceee874d0f85d8d89e094cdb8fceb6dce386987e09fc2975fa5d2f
                                                                                                                              • Opcode Fuzzy Hash: 2a58fced1b66946710d0714421ad922ebf07e99b7d5f7d75abac057d567d5116
                                                                                                                              • Instruction Fuzzy Hash: AA61E172909204DFD711EF18EC42A2AB3F0FF94358F08186CF98AAB251E735D914C792
                                                                                                                              Function 00E74A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 70babf12ed14832a8cf699136606fa4b17dce720960f73e1c600f9f4cccb343a
                                                                                                                              • Instruction ID: 8d12604665837965ccb1247642140908845206317ff3fbd4489c429d800eed7b
                                                                                                                              • Opcode Fuzzy Hash: 70babf12ed14832a8cf699136606fa4b17dce720960f73e1c600f9f4cccb343a
                                                                                                                              • Instruction Fuzzy Hash: E761CEB16083019FE716DF25D880B2AF7E6EB84314F18D91DE58DA72A1D772EC04CB92
                                                                                                                              Function 00F0BB0F Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: oPP=
                                                                                                                              • API String ID: 0-3429763004
                                                                                                                              • Opcode ID: 24ae94611c033b655a69999a413787aac74768f112c25430bdf68720e0dd89ce
                                                                                                                              • Instruction ID: 5525054e77846fdfdad38577166b7a17d69417300eb47256c9463a391ad3eb0b
                                                                                                                              • Opcode Fuzzy Hash: 24ae94611c033b655a69999a413787aac74768f112c25430bdf68720e0dd89ce
                                                                                                                              • Instruction Fuzzy Hash: 894178B3A1C3085FF3082D69FC8577BB7C9D781360F1A423EEA4593684E8BA5C0142D5
                                                                                                                              Function 00E3E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00E3E333
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                              • API String ID: 0-2471034898
                                                                                                                              • Opcode ID: 98f54477128a2cc94c79e25f5eff28544295948efa6538fc4d8270f44f92cf31
                                                                                                                              • Instruction ID: f98d08ecfe8101123299c56f611febf10c2eb2d02076e7413d4f58f92d70f918
                                                                                                                              • Opcode Fuzzy Hash: 98f54477128a2cc94c79e25f5eff28544295948efa6538fc4d8270f44f92cf31
                                                                                                                              • Instruction Fuzzy Hash: 19512423A196908BD328893D5C592AA6EC70FE2334F3D976AE9F5AB3F4D5158804C380
                                                                                                                              Function 00E73920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 6371796db7ac9946b7239353282e1470bf41d5d7fcaec288c0f6208d000d55ec
                                                                                                                              • Instruction ID: 48892bd7cbca700b522202ae35525a854e3a0969b4e185dfd7a72162b587e1f6
                                                                                                                              • Opcode Fuzzy Hash: 6371796db7ac9946b7239353282e1470bf41d5d7fcaec288c0f6208d000d55ec
                                                                                                                              • Instruction Fuzzy Hash: DB51CF356092009FCB64DF29D881A2ABBE5FF85308F14D92CE4CEA7251D772DD10EB62
                                                                                                                              Function 00F907F3 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b^_
                                                                                                                              • API String ID: 0-2575043211
                                                                                                                              • Opcode ID: 90d55791e08c0f3859da8906915ab3aa5806dba7660e2c79960c06e3deca8a4f
                                                                                                                              • Instruction ID: 092764d4f9bfe95663c6d1cc698e988de82f31083415e5680be0058d6587d895
                                                                                                                              • Opcode Fuzzy Hash: 90d55791e08c0f3859da8906915ab3aa5806dba7660e2c79960c06e3deca8a4f
                                                                                                                              • Instruction Fuzzy Hash: 4A415AF36082045BE314696DDC45B6BBBDAEBC0330F2B453EE684C7754E979484282D2
                                                                                                                              Function 00EC5F0A Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 7S~}
                                                                                                                              • API String ID: 0-3175798292
                                                                                                                              • Opcode ID: bbc9fd1b52b5ab63528383edd6425e0de4112f0a58f128c8c3617f1c5fd27488
                                                                                                                              • Instruction ID: 8c3aaed2b0870a911b476a1e20c5cbd49f4e5c7684658a9570874961c0e85dcd
                                                                                                                              • Opcode Fuzzy Hash: bbc9fd1b52b5ab63528383edd6425e0de4112f0a58f128c8c3617f1c5fd27488
                                                                                                                              • Instruction Fuzzy Hash: 9E4116F3A186009FF3046E2DECC5766B6D7EBD4720F2A463CEA98C7384D9785C054686
                                                                                                                              Function 00E41BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: L3
                                                                                                                              • API String ID: 0-2730849248
                                                                                                                              • Opcode ID: a4d4ae40af65e72d7c8754c6a3f88c99ba8f75954f20e68ec6c0dc28f0f684c6
                                                                                                                              • Instruction ID: 686ec020cfc408fd922c1b6f22a44dfc330f11c2b7a41edd25b1763373a39153
                                                                                                                              • Opcode Fuzzy Hash: a4d4ae40af65e72d7c8754c6a3f88c99ba8f75954f20e68ec6c0dc28f0f684c6
                                                                                                                              • Instruction Fuzzy Hash: DA4141B44083809BCB149F25E894A2FBBF0FF86354F04A91CF5C9AB291D736CA45CB56
                                                                                                                              Function 00E6FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 28a4f594d17de38444819db5cbfe7e1dec8702b9d6d42d072ac8244ee8b941df
                                                                                                                              • Instruction ID: 1edcc48bea8a91f6ee5f2f05db911b7bd01fc6e2f217e9732c97e23cb110c4a1
                                                                                                                              • Opcode Fuzzy Hash: 28a4f594d17de38444819db5cbfe7e1dec8702b9d6d42d072ac8244ee8b941df
                                                                                                                              • Instruction Fuzzy Hash: 7731C5B5604305EBD610EA54EC81B2BB7E9EB85758F54AC28F88DF7252E231DC14C763
                                                                                                                              Function 00E5E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 72?1
                                                                                                                              • API String ID: 0-1649870076
                                                                                                                              • Opcode ID: 2afcbc5ae1418c8140796864e7a79af68efd1bf1645216b00f69b710a2fbbe73
                                                                                                                              • Instruction ID: 43e46c26d735a0f26062f2ab70946f31fd006765dff20d38dd53bfaa93ef886e
                                                                                                                              • Opcode Fuzzy Hash: 2afcbc5ae1418c8140796864e7a79af68efd1bf1645216b00f69b710a2fbbe73
                                                                                                                              • Instruction Fuzzy Hash: D631E6B5900204CFC724CF95E8805AFBBF5FB4A345F14189DE84AB7301C335AA09CBA2
                                                                                                                              Function 00E46F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %*+(
                                                                                                                              • API String ID: 0-3233224373
                                                                                                                              • Opcode ID: 16234a9bbaf46f2df1eb7336184e84461075093bde1cd9c3219cda9d804da25f
                                                                                                                              • Instruction ID: f9a6bfb2147b518417523fed3de5ba07cb37f56a122a60cf8fd47259dbfc74c7
                                                                                                                              • Opcode Fuzzy Hash: 16234a9bbaf46f2df1eb7336184e84461075093bde1cd9c3219cda9d804da25f
                                                                                                                              • Instruction Fuzzy Hash: 56415975205B04DFD734CF61E990B26BBF2FB49704F149818E5CAABAA1E772F8008B50
                                                                                                                              Function 00E5E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 72?1
                                                                                                                              • API String ID: 0-1649870076
                                                                                                                              • Opcode ID: 1e29517b42e3956f1e40df7c7662c5394d29ff94e07b252f6d7376f44e056b78
                                                                                                                              • Instruction ID: 88952f94e28e61fd1406fc5a738b0cb258b601d08818fbb4ce022d93b98a515c
                                                                                                                              • Opcode Fuzzy Hash: 1e29517b42e3956f1e40df7c7662c5394d29ff94e07b252f6d7376f44e056b78
                                                                                                                              • Instruction Fuzzy Hash: 6E21A1B5900204CFC724CF95D98056FBBF9BB5A745F14189DE84ABB341C335AE09CBA2
                                                                                                                              Function 00E79CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                              • Opcode ID: 92cca285d32bda0c9d972ac92bcb395f2967e5ff1f8906f47675afc023ea0229
                                                                                                                              • Instruction ID: 751c6b6ef6d8374d52d1516db0d702e2492daf78a229e48476447c928aee456c
                                                                                                                              • Opcode Fuzzy Hash: 92cca285d32bda0c9d972ac92bcb395f2967e5ff1f8906f47675afc023ea0229
                                                                                                                              • Instruction Fuzzy Hash: D0315A705093009FD324DF15D880A2AFBF5EF9A318F14D92DE6C9A7252D375D904CB66
                                                                                                                              Function 00FA4FFA Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: )i_
                                                                                                                              • API String ID: 0-4024603826
                                                                                                                              • Opcode ID: 23ba5ee4549338c6c37a34103161344bca70d0b42533d3438e296eb366bf45b8
                                                                                                                              • Instruction ID: 4d1f7561984a4689df55fea5c881f42880898d8006104bad29e739f87d9d7581
                                                                                                                              • Opcode Fuzzy Hash: 23ba5ee4549338c6c37a34103161344bca70d0b42533d3438e296eb366bf45b8
                                                                                                                              • Instruction Fuzzy Hash: 132148B3B552008BF3409E39CCC47A6BAC7DBD5320F2A457C9F54C7384E979884A8281
                                                                                                                              Function 00E44E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f1778b9a076079b96815b293930101d6a45108fd03d7a9a5521e2dbe177bef5d
                                                                                                                              • Instruction ID: c9be61307df7f61ac97cc8f8eae958aa7f29372cc22307175aaf9b041cb65720
                                                                                                                              • Opcode Fuzzy Hash: f1778b9a076079b96815b293930101d6a45108fd03d7a9a5521e2dbe177bef5d
                                                                                                                              • Instruction Fuzzy Hash: B36257B5600B008FD725CF24E884B27B7F5EF4A704F54992CD49A9BA92E734F848CB91
                                                                                                                              Function 00E3BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                              • Instruction ID: 187c778250f7b8089271bdb063903fbbdea64a6fcdea2599e921777e376393c4
                                                                                                                              • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                              • Instruction Fuzzy Hash: 86520832A087118BC7259F18D8482BAB7E1FFC4319F395A2DD9D6B3290D735E851CB86
                                                                                                                              Function 00E78652 Relevance: .7, Instructions: 710COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a7cf9bd7621f27a9b89cdaff836b1c56e12086891b91181e82956607f207eff6
                                                                                                                              • Instruction ID: 5c425829080b796cda29280db6f73619a7df500c12df9b8fa8456f3d6d7448d2
                                                                                                                              • Opcode Fuzzy Hash: a7cf9bd7621f27a9b89cdaff836b1c56e12086891b91181e82956607f207eff6
                                                                                                                              • Instruction Fuzzy Hash: 6722CA75609342CFC704DF69E88062ABBF1FF89315F09886DE589A73A2D735D854CB42
                                                                                                                              Function 00E786F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8ba1e3b90d877024882d4b18f3dc23ba03ddb5fb29f8a7b39738e8a24db3bd74
                                                                                                                              • Instruction ID: d797aaa373d52f175c6f33ed4c7d7c64151606ea7c032500c7c67e7ba8070376
                                                                                                                              • Opcode Fuzzy Hash: 8ba1e3b90d877024882d4b18f3dc23ba03ddb5fb29f8a7b39738e8a24db3bd74
                                                                                                                              • Instruction Fuzzy Hash: E922B875209341DFC704DF69E89062ABBF1FF8A305F09896DE589A73A2D335D854CB42
                                                                                                                              Function 00E3B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f5a7b3a560186ed20db9107fea803a88df8ef75e9ef471bd67240ea1bb07679f
                                                                                                                              • Instruction ID: 0840c4fd7e670e80fccdcf46cd0b0f6070b5feef60d7b9a7920b8450293fb9ce
                                                                                                                              • Opcode Fuzzy Hash: f5a7b3a560186ed20db9107fea803a88df8ef75e9ef471bd67240ea1bb07679f
                                                                                                                              • Instruction Fuzzy Hash: 5152C670908B849FE735CB24C4883A7BFE2EF91318F146D2EC6D716A82C779A985C751
                                                                                                                              Function 00E371F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c79a9b146a5e55b33e782a822d970da40b12a394baaada9b5d2f0593e4e03c15
                                                                                                                              • Instruction ID: 72a12031b265ed7ec1afb98c8e98bfefdd66731429d77ad861c2eefcce5b2617
                                                                                                                              • Opcode Fuzzy Hash: c79a9b146a5e55b33e782a822d970da40b12a394baaada9b5d2f0593e4e03c15
                                                                                                                              • Instruction Fuzzy Hash: C952C0B150C3458FCB29CF28C0846AABFE1BF88318F199A6DE8D967351D774D949CB81
                                                                                                                              Function 00E38FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1d27cf958d5bbe38fe3877b7763cac3b3c33d09fb4e810d004abfa603cb320a3
                                                                                                                              • Instruction ID: 081372424095b927e6a996beb59cedbc7503c773c783183104d221e1ec0e5144
                                                                                                                              • Opcode Fuzzy Hash: 1d27cf958d5bbe38fe3877b7763cac3b3c33d09fb4e810d004abfa603cb320a3
                                                                                                                              • Instruction Fuzzy Hash: 28427875608301DFD708CF29E85475ABBE1BF88315F0988ACE4899B3A1D775D989CF42
                                                                                                                              Function 00E37BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7730e0951d18d6035cf78b44b29ef72930f3069ebeec33378756f4c143d7fe71
                                                                                                                              • Instruction ID: 9ab2fab5e5c791188602c898ecc4fd31832d1d052de5a1a3175b36cc33cc3478
                                                                                                                              • Opcode Fuzzy Hash: 7730e0951d18d6035cf78b44b29ef72930f3069ebeec33378756f4c143d7fe71
                                                                                                                              • Instruction Fuzzy Hash: 333233B0614B108FC378CE29C698566BBF1BF45700BA06A2EE69797B90D736F845CB10
                                                                                                                              Function 00E789A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c5bd9e6565e42630d427b850a7381dfe1ef5416236d7cb0b20d28983b2818a1e
                                                                                                                              • Instruction ID: 99ee1f950da68b27552b430e114da2f65e92a419f8df5a64c87c11b0ee6531ee
                                                                                                                              • Opcode Fuzzy Hash: c5bd9e6565e42630d427b850a7381dfe1ef5416236d7cb0b20d28983b2818a1e
                                                                                                                              • Instruction Fuzzy Hash: C002A97560C341DFC704DF69E880A1ABBF1EF8A315F09896DE589A73A2D335D814CB92
                                                                                                                              Function 00E78A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0c166e502495bce56ae75781e37d097cd93eb68248637a18fa97ec09ac77204f
                                                                                                                              • Instruction ID: 9deb8aaeff1a3e2c12321125992972d6f6f8db5923a655acad2f82081b25b7c1
                                                                                                                              • Opcode Fuzzy Hash: 0c166e502495bce56ae75781e37d097cd93eb68248637a18fa97ec09ac77204f
                                                                                                                              • Instruction Fuzzy Hash: 64F1897560C341DFC705EF69E88061EBBE1EF8A305F09896DE4C9A7262D336D914CB92
                                                                                                                              Function 00E78C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5c97f961e1b5913a86f5dab5dd4759e70c6ef7161326ec7ac1a8c3ca8eca54d7
                                                                                                                              • Instruction ID: 887816f9cd3059a06bf5fef8f292988784c035a99f7b9568786d72daac9cab09
                                                                                                                              • Opcode Fuzzy Hash: 5c97f961e1b5913a86f5dab5dd4759e70c6ef7161326ec7ac1a8c3ca8eca54d7
                                                                                                                              • Instruction Fuzzy Hash: 7FE19C7160C241CFC704DF29E88062AB7F1EF8A315F09896CE599A73A2D736D914CB92
                                                                                                                              Function 00E3A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                              • Instruction ID: 6c1b5acd7a3e39c66ec8940ce7124e19a969966cb534d4c8896530bbd7cf0122
                                                                                                                              • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                              • Instruction Fuzzy Hash: CAF1CD766083418FC724CF29C88566BFBE2EFD8304F08982DE4C597751E639E985CB52
                                                                                                                              Function 00E78E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 34c7f26cd14b4bfd2a8a6a879497de9537f8f53b85b2df5d963fee99ff5aa68f
                                                                                                                              • Instruction ID: 8eda886f64466943789f1001aabbf32a72cd95207abacdbea18096fe4b5b5dec
                                                                                                                              • Opcode Fuzzy Hash: 34c7f26cd14b4bfd2a8a6a879497de9537f8f53b85b2df5d963fee99ff5aa68f
                                                                                                                              • Instruction Fuzzy Hash: 11D18E7460C241DFD705EF29D88061ABBF5EF8A305F09896DE4C9A7262D735D814CB52
                                                                                                                              Function 00E77AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3ee6401e5c40346c54f5b1d24ec181bf270fa2ce4cc03db5e9ebbe31f0d18b04
                                                                                                                              • Instruction ID: 09b8f8021cf814e33a34caf134ca15f51748a56ea84ff7465e84cbc7a2b5c53a
                                                                                                                              • Opcode Fuzzy Hash: 3ee6401e5c40346c54f5b1d24ec181bf270fa2ce4cc03db5e9ebbe31f0d18b04
                                                                                                                              • Instruction Fuzzy Hash: EEB1F472A0C3504BE324DA68CC45B6BB7E5EBC9314F08992DE9DDA7391E735DC048792
                                                                                                                              Function 00E3AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                              • Instruction ID: 783142f000b45391f1018f127fd91ed24a53db4601ea2a6aae314f446a7e5435
                                                                                                                              • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                              • Instruction Fuzzy Hash: 64C15F72A087418FC360CF68DC9A7ABBBE1FF85318F08492DD2DAD6242D778A155CB45
                                                                                                                              Function 00E46536 Relevance: .3, Instructions: 295COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4ec771e71e63d4f7159aa7be644e66982056fac97860267c8a4dc8a679af4389
                                                                                                                              • Instruction ID: d341aa7df23a1f775df9db8704d9ad8c579e29af1bae4a10e361376f2c7737e2
                                                                                                                              • Opcode Fuzzy Hash: 4ec771e71e63d4f7159aa7be644e66982056fac97860267c8a4dc8a679af4389
                                                                                                                              • Instruction Fuzzy Hash: 22B110B4600B408BD325CF24D985B27BBF2EF4A704F14985DE8AA9BB52E335F805CB55
                                                                                                                              Function 00E77710 Relevance: .3, Instructions: 287COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 1bbd97fef609e160ddf0c37c7333269cbf2f5c4df7eee2dd29c9deb559ba71e1
                                                                                                                              • Instruction ID: 659894cd9442dd9ccb2e9d15817249020bcc0e800c086fd7272833427c7e54f4
                                                                                                                              • Opcode Fuzzy Hash: 1bbd97fef609e160ddf0c37c7333269cbf2f5c4df7eee2dd29c9deb559ba71e1
                                                                                                                              • Instruction Fuzzy Hash: D1919B7160C341ABE724CB24D840BABBBE5EB85354F54D81DF9D9A7352E730E940CB92
                                                                                                                              Function 00E7A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6a4e334c3824b59a378d320398e5a9c69e1031987c47bc5954a381536bc500fe
                                                                                                                              • Instruction ID: a4a3cb5b06af5dc860ad6c4504bd9297b3fd4f16bc8686d389a7a501cfc4b814
                                                                                                                              • Opcode Fuzzy Hash: 6a4e334c3824b59a378d320398e5a9c69e1031987c47bc5954a381536bc500fe
                                                                                                                              • Instruction Fuzzy Hash: 3381AF742093419FD724DF28D880A2EB7F5EF85744F49D92CE48AA7261E731EC11CB92
                                                                                                                              Function 00E664F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7fd05750e23c46b38094f4107549b175ff5474bdbcef7824f73a4688df2228ed
                                                                                                                              • Instruction ID: d6eb0ea5b090b9708485e684b6b5c0ddd3a451aed0ab2ff015bdcaf92ddb847c
                                                                                                                              • Opcode Fuzzy Hash: 7fd05750e23c46b38094f4107549b175ff5474bdbcef7824f73a4688df2228ed
                                                                                                                              • Instruction Fuzzy Hash: 49710733B69A904BC3148D3DAC82395AA534BD6378F3DD37AE8B5EB3E5D5294C054341
                                                                                                                              Function 00E528E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: db51a14350242f322674bc82d0aa4ef5a434e1cdf3af1e147e66cd2e9296a119
                                                                                                                              • Instruction ID: 67247f10807abbec55192a4faaa29186b14ac1d54abf9c5a95ec7c9ecc859138
                                                                                                                              • Opcode Fuzzy Hash: db51a14350242f322674bc82d0aa4ef5a434e1cdf3af1e147e66cd2e9296a119
                                                                                                                              • Instruction Fuzzy Hash: 426198B44083408BD310EF15D841A2ABBF0EFA6755F186D1DF9C6AB261E339D918CB67
                                                                                                                              Function 00E57C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8f5ab7cc37ef93ff9eb3fa5bd82ab8b899b933c688557d4bdbf9f0177cd652b6
                                                                                                                              • Instruction ID: 9f0a6418db812beed35621cf4c3cc9a8b5af32a9716a372ad8cb25e6e12e879b
                                                                                                                              • Opcode Fuzzy Hash: 8f5ab7cc37ef93ff9eb3fa5bd82ab8b899b933c688557d4bdbf9f0177cd652b6
                                                                                                                              • Instruction Fuzzy Hash: 8D51DFB16083049BDB209B24DC86BB773B4EF86359F146958F9C6AB290F371EC18C761
                                                                                                                              Function 00E61860 Relevance: .2, Instructions: 217COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                              • Instruction ID: 002cfa2e4b66d5cdc02588a83be081d2a1be95da9fe185cbe5d02f142ffa8709
                                                                                                                              • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                              • Instruction Fuzzy Hash: DE610E316883419BD716CE6CE48032EBBE2EBC53D4F6CE9ADE089AB251D270DC819741
                                                                                                                              Function 00E682D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a6f9cd6c1b9b43e2ec9bd9c912eb7f16f198d7cf066d3914c01a02bd41332f2d
                                                                                                                              • Instruction ID: 44df69852d475f056f9862d14fc3dacab0a7ced087aa3011d1f86df935d9e699
                                                                                                                              • Opcode Fuzzy Hash: a6f9cd6c1b9b43e2ec9bd9c912eb7f16f198d7cf066d3914c01a02bd41332f2d
                                                                                                                              • Instruction Fuzzy Hash: EB617A33ADE9908BC318853D2D553E66A831BE6374F3DE36AD8F5AB3E4CD6948054341
                                                                                                                              Function 00E442FC Relevance: .2, Instructions: 206COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8ddc5ad0d3dbf73e6b9eddb8ff25750f28d018f33196817001375b146a0e0b90
                                                                                                                              • Instruction ID: 0acae5870396029ef58b7503d9c5399c924857f48bf34d55bbb64a24cf704f54
                                                                                                                              • Opcode Fuzzy Hash: 8ddc5ad0d3dbf73e6b9eddb8ff25750f28d018f33196817001375b146a0e0b90
                                                                                                                              • Instruction Fuzzy Hash: DA81F0B4810B00AFD360EF39D947797BEF4AB06201F404A1DE4EA97694E730A419CBE3
                                                                                                                              Function 00FEF9CC Relevance: .2, Instructions: 195COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8e377cad15ae397ec42e3ad3e187e713a702ec33e07f57efdbb561abaeac6c5c
                                                                                                                              • Instruction ID: 5248962340c84a8f10932ca8c0cdde776adc44a5bccc578b1b6ec22f2428b992
                                                                                                                              • Opcode Fuzzy Hash: 8e377cad15ae397ec42e3ad3e187e713a702ec33e07f57efdbb561abaeac6c5c
                                                                                                                              • Instruction Fuzzy Hash: 87616BF7F1162607F350497ACD8836266839BE5320F3F82758A5C5BBCAD8BD5D0A5384
                                                                                                                              Function 00E6E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                              • Instruction ID: 1481cc1978858971803d22424655339c0a4390796e64998061f820e168100214
                                                                                                                              • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                              • Instruction Fuzzy Hash: 4D517CB56083548FE314DF69D89435BBBE1BBC5358F044E2DE4E993390E379DA088B82
                                                                                                                              Function 00E77520 Relevance: .2, Instructions: 176COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3f3bf300b71a0a9536421894d0554636756085b38513b5b63ea9c0525f249c10
                                                                                                                              • Instruction ID: aed1c4599126fe9928a0bd37b954b4e3f5f0cdc46b8efdbfc09c1a0efa8f0c56
                                                                                                                              • Opcode Fuzzy Hash: 3f3bf300b71a0a9536421894d0554636756085b38513b5b63ea9c0525f249c10
                                                                                                                              • Instruction Fuzzy Hash: 2651E43160C2109FC7159E19DC90B2EB7E6EB85358F28DA2CE8ED67391D632EC14C791
                                                                                                                              Function 00F378F2 Relevance: .2, Instructions: 166COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26f711cb725b9705dde1fef4f5ce46dcb5b4dd90174996228d1db9078fe15e41
                                                                                                                              • Instruction ID: 4e8dad382c2da3b070b3e95ac185d8b23dd5b37e609380a5173e6047829ef59b
                                                                                                                              • Opcode Fuzzy Hash: 26f711cb725b9705dde1fef4f5ce46dcb5b4dd90174996228d1db9078fe15e41
                                                                                                                              • Instruction Fuzzy Hash: C65113F3A086049BE300AA2DDC8576EBBD6EBD4710F1B853CDBC887744E53998058796
                                                                                                                              Function 00E35A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26b2e181d81a75be68d667360e414273649a3183f0604bce37163e9f20a5903d
                                                                                                                              • Instruction ID: a85f3f59f60844ce209166734c0d1b56ea6f38652fc3efc573022bd96686c2f3
                                                                                                                              • Opcode Fuzzy Hash: 26b2e181d81a75be68d667360e414273649a3183f0604bce37163e9f20a5903d
                                                                                                                              • Instruction Fuzzy Hash: A251C3B6A047049FC714DF14C894926FBE1FF85328F156A6CE899AB352D631EC42CB92
                                                                                                                              Function 00E5EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 764ca2e12724a8e009a47269460fb406a43ea4540fa55b22a1d73f4a72fa95df
                                                                                                                              • Instruction ID: 6e7d1bda564ed5ae7f639d18c1487e74e26366f3ae6343ef6992ff4a59d973ba
                                                                                                                              • Opcode Fuzzy Hash: 764ca2e12724a8e009a47269460fb406a43ea4540fa55b22a1d73f4a72fa95df
                                                                                                                              • Instruction Fuzzy Hash: 7A41CD74900315DBDF248F94DC91BA9B7B0FF0A305F145588E945BB3A0EB38AA15CB91
                                                                                                                              Function 00E79B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 368b282718c7881907bf3a9e1f8a69c96f266c2f48bec9e5353e00efde1c9216
                                                                                                                              • Instruction ID: e96d3b7351d1319170ed00d829caabe897ddd7c9a20fe6b0f0009c8b108e279c
                                                                                                                              • Opcode Fuzzy Hash: 368b282718c7881907bf3a9e1f8a69c96f266c2f48bec9e5353e00efde1c9216
                                                                                                                              • Instruction Fuzzy Hash: 12418B74208300AFDB11DB15D990B2AFBE6EF85714F28D82CF58EA7252D371E801CB66
                                                                                                                              Function 00E42030 Relevance: .1, Instructions: 136COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8696759dc633c3dcec68e1ff06b2511e2fa34770eb77e505ba5ad9519ac0f010
                                                                                                                              • Instruction ID: 588990ee9fa98ce1fa14d8596d66ace679207da8933d784c80cf86d2d645c49f
                                                                                                                              • Opcode Fuzzy Hash: 8696759dc633c3dcec68e1ff06b2511e2fa34770eb77e505ba5ad9519ac0f010
                                                                                                                              • Instruction Fuzzy Hash: 55410732A083654FD35CCE2A94A023ABBE2AFC4300F59862EF5D6973D0DAB58945D781
                                                                                                                              Function 00E41E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a874125f7025b88dd5b0f7796aa2c64b07930b35d9a1b60c4745baec771a3d03
                                                                                                                              • Instruction ID: 63a0745082eaa087c7a907adb5dbc27d69e88453e6bb5cab9da9b49dbf527443
                                                                                                                              • Opcode Fuzzy Hash: a874125f7025b88dd5b0f7796aa2c64b07930b35d9a1b60c4745baec771a3d03
                                                                                                                              • Instruction Fuzzy Hash: BB41F07460C380ABD721AB59D884B1EFBF5FB86345F14491CF6C4A7292C376E8188B66
                                                                                                                              Function 00E78D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a1cf81c6dda51cf89b751ea368d3875a5dfe5b59d5c0055ac1795b85cfe711d7
                                                                                                                              • Instruction ID: e33263517cad94460c14d204113d4783c398a12b9e9bc2e7ed16744eb7ca1576
                                                                                                                              • Opcode Fuzzy Hash: a1cf81c6dda51cf89b751ea368d3875a5dfe5b59d5c0055ac1795b85cfe711d7
                                                                                                                              • Instruction Fuzzy Hash: EE41103164C2508FC315DF68C59452EFBEAEFA9304F099A2DD5D9E72A1CB34DD018B82
                                                                                                                              Function 00E4D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 269e3ba42e61672e5f1918050f465dc4e63c0e854e8147ea839417bb08e6c8e3
                                                                                                                              • Instruction ID: de9614380bc9ca516f15dfbab4183b6c18c94122089fa7c1fe0939e428255497
                                                                                                                              • Opcode Fuzzy Hash: 269e3ba42e61672e5f1918050f465dc4e63c0e854e8147ea839417bb08e6c8e3
                                                                                                                              • Instruction Fuzzy Hash: BA41CBB16483818BD3309F10D845BABB7F0FF96364F041958E59AABBA2E7748844DB53
                                                                                                                              Function 00E6F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                              • Instruction ID: 7533b1d4cc3e3108e6fef11f6dcbc8bd078efbba9825c6ae9c4f9671638551e4
                                                                                                                              • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                              • Instruction Fuzzy Hash: 612137329082244BC3249B1DE48053BF7E4EB9A748F06E63ED9C4A7296E7359C1087E1
                                                                                                                              Function 00E767EF Relevance: .1, Instructions: 101COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 729027d1bde2db2f4d3f937f91beb7e5df5850195b6beb944b966ef190c21cae
                                                                                                                              • Instruction ID: ec4cc460982589b98e95814f35af5be5095feeb010bcda389a6580008d789a58
                                                                                                                              • Opcode Fuzzy Hash: 729027d1bde2db2f4d3f937f91beb7e5df5850195b6beb944b966ef190c21cae
                                                                                                                              • Instruction Fuzzy Hash: 413106705183829AE714CF15C49062FBFF0EF96788F54A90DF4C8AB265D334D985CB9A
                                                                                                                              Function 00E55E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dbac50492805765b4be576f9c3a2be6f223ed9ac7f428b5c2714c675e91f9818
                                                                                                                              • Instruction ID: 6457b364b387a2c2046f41729e304a4eb18dc895ede7fee7706808e08735c904
                                                                                                                              • Opcode Fuzzy Hash: dbac50492805765b4be576f9c3a2be6f223ed9ac7f428b5c2714c675e91f9818
                                                                                                                              • Instruction Fuzzy Hash: 2921A371508201DBC3109F18C85192BB7F4EF9275AF549D08F8D9AB251E334D908CBA3
                                                                                                                              Function 00E349A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                              • Instruction ID: d9c4e0bbeaebcd5178210ab06667434a826b6ad0f475df0238345a98180aae76
                                                                                                                              • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                              • Instruction Fuzzy Hash: F431F0716482019BD7119E18D888667BBE1EFC435DF14996CE495E7381E331FC42CB45
                                                                                                                              Function 00E764B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1f3434509d857cfdfcf5e31f01a0b356354ded0afcc6bf2719f7bbf50681f7ae
                                                                                                                              • Instruction ID: 5b9ead86217e02e456b5a74f2bb0bb99b8f3e04459d789cd1dd91e17e9e6d8cf
                                                                                                                              • Opcode Fuzzy Hash: 1f3434509d857cfdfcf5e31f01a0b356354ded0afcc6bf2719f7bbf50681f7ae
                                                                                                                              • Instruction Fuzzy Hash: 5321667060C601AFC704EF1AD480A2EFBE2FB95748F28D81CE4C9A7261D335A855CB62
                                                                                                                              Function 00E6B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                              • Instruction ID: 88b442898236b7f046199a579451fa7f556ac9f8a340418132e44a3d3df74b92
                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                              • Instruction Fuzzy Hash: AA11E933A451D50EC3168D3CD4405A9BFA31AA3274B5953A9F4B4EB2D2D7238DCA8355
                                                                                                                              Function 00E60B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                              • Instruction ID: a5ff6232aab94d1436518ecdcb45e43f1387627b22f1e23163903f7616b16f75
                                                                                                                              • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                              • Instruction Fuzzy Hash: A201B1F5A4031247E720DE10A4D0B3BB2E8AF8079CF18A52CE80677202DB72EC04C391
                                                                                                                              Function 00E5D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9597ae31fca5f6213de0e6aa1d58069f03a83216b570f84bea2738287e7fa5d5
                                                                                                                              • Instruction ID: 9045e05279c242dd9a25d2a5716755e173185d19dc00537339f5188baf1a9f92
                                                                                                                              • Opcode Fuzzy Hash: 9597ae31fca5f6213de0e6aa1d58069f03a83216b570f84bea2738287e7fa5d5
                                                                                                                              • Instruction Fuzzy Hash: FA11DDB0418380AFD3209F618484A1FFBE5EB96754F149C0DE5A4AB251C375D819CB56
                                                                                                                              Function 00E36EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4cd58bb595ddce6689f9eeb67a69d667e6427052163981e9e7037b903e89e280
                                                                                                                              • Instruction ID: de3908926afda7ee15bc48c589062b73d43bcd3851b87ae36c4694757efb9268
                                                                                                                              • Opcode Fuzzy Hash: 4cd58bb595ddce6689f9eeb67a69d667e6427052163981e9e7037b903e89e280
                                                                                                                              • Instruction Fuzzy Hash: A1F0243A71820A1FA610CDBBA88883BF796DBC9359F14A538EA44E3201DD72E8069190
                                                                                                                              Function 00E6B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                              • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                              • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                              • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                              Function 00E4C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                              • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                              • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                              • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                              Function 00E4B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                              • Instruction ID: 55671cc5733f49cec10079c69d7abd1537c51bc273a70d453298ca81932b8a37
                                                                                                                              • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                              • Instruction Fuzzy Hash: 19F0ECB160451057DF228A54BCC0F37BBDCCB87358F192426F94567503E261D845C3E5
                                                                                                                              Function 00E68220 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 161583835855ccbccd84bfc8d67367a6bc62375b88c7e9e7b1c5b5a7e89e639f
                                                                                                                              • Instruction ID: 5344862443183f47a7011e5cffd8015660dd543a70bc34d58dd2132661ef7778
                                                                                                                              • Opcode Fuzzy Hash: 161583835855ccbccd84bfc8d67367a6bc62375b88c7e9e7b1c5b5a7e89e639f
                                                                                                                              • Instruction Fuzzy Hash: 1D01E4B04147009FD360EF29C846747BBF8EB48714F108A1DE8AECB680D770A548CB82
                                                                                                                              Function 00E71440 Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                              • Instruction ID: a2a5d297afa3258049b1be185f8fa89774334fffefc133c060f19ceeac690fcc
                                                                                                                              • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                              • Instruction Fuzzy Hash: 4DD05E31608321469B648E1DA400977F7F0EA87B55F49A59EF59AE3148E230DC41D2A9
                                                                                                                              Function 00E41ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e487600c791fa9f8eee687ecc96cc2caa4914658acea4c5fc29138a986a956bf
                                                                                                                              • Instruction ID: 08c6959377d7ba5701eb754cb7a81956b597591277f8130142013142a92fb87b
                                                                                                                              • Opcode Fuzzy Hash: e487600c791fa9f8eee687ecc96cc2caa4914658acea4c5fc29138a986a956bf
                                                                                                                              • Instruction Fuzzy Hash: 96C08C34A180018FC644CF02FC95432B3B8A70730CB00703ADA2BF3262EA20C84A9A09
                                                                                                                              Function 00E76094 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 24986046b76ae1f82a841d5b448fd3d5008496adb4b06abed8e7e92d3eb0f3db
                                                                                                                              • Instruction ID: c9431abce247aa72e646a683c8bbf81124ef1642401975997029647a53ad4922
                                                                                                                              • Opcode Fuzzy Hash: 24986046b76ae1f82a841d5b448fd3d5008496adb4b06abed8e7e92d3eb0f3db
                                                                                                                              • Instruction Fuzzy Hash: D2C09B7475C1008BA10CCF15DA51475F3769B97F14724F01DC80E33255C134DD16961C
                                                                                                                              Function 00E41A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c43266dff5753657bf256293a910613f4fa81d137ab211a2074ea320f4c8e230
                                                                                                                              • Instruction ID: a37528675f5d40e01e5965f65b01714d879690ca2a2f330af17c55f98209d066
                                                                                                                              • Opcode Fuzzy Hash: c43266dff5753657bf256293a910613f4fa81d137ab211a2074ea320f4c8e230
                                                                                                                              • Instruction Fuzzy Hash: 67C09B34A5D040CFC644CF87F8D1571A3FD570720CB10303AD717F7261D560D4499509
                                                                                                                              Function 00E75FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1511149673.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.1511129946.0000000000E30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000000E90000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001018000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.00000000010F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001123000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511187178.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511429216.000000000113A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511529360.00000000012D7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.1511547600.00000000012D8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_e30000_file.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 69d02143303ee3482295359ef39daee24c8a5da96e3f429041c5c5c9a932cd56
                                                                                                                              • Instruction ID: 5c13243a0d111bd72ff1241c317adb8d72d1901c695cb7ad4a5779a85b412827
                                                                                                                              • Opcode Fuzzy Hash: 69d02143303ee3482295359ef39daee24c8a5da96e3f429041c5c5c9a932cd56
                                                                                                                              • Instruction Fuzzy Hash: 3FC09274B680008FA24CCF2ADE51935F2BA9B8BE28B14B02DC80AB3256D134DD1A870C